Pests of all kinds and how to combat them: Commerzbank Online-Banking Phishing??? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Commerzbank Online-Banking Phishing???

Hello,

I have a problem: every time I try to access the Commerzbank online banking portal, a dubious message appears (see attachment). Have I picked up a trojan/malware/rootkit? And if so, how do I solve the problem?

System:
Vista 32-bit
Avast
AntiVir
Windows Firewall

Many thanks,
ShadowGhost

PS: I have already had the BKA trojan twice. Does that have anything to do with the problem?

Last edited by ShadowGhost (23.11.2011 at 21:21). Reason: spelling mistakes
#2
/// Malware-holic

Commerzbank Online-Banking Phishing???

hi, do not carry out any more cleanups yourself.

Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
#3
Commerzbank Online-Banking Phishing???

Hi,

thanks for the quick reply. OTL file:

Code:
ATTFilter OTL logfile created on: 24.11.2011 06:16:53 - Run 1 OTL by OldTimer - Version Folder = C:\Users\jung family\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,98% Memory free 4,10 Gb Paging File | 2,96 Gb Available in Paging File | 72,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 6,64 Gb Free Space | 9,53% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 65,46 Gb Free Space | 94,00% Space Free | Partition Type: NTFS Computer Name: FAMILYLAPTOP-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\jung family\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Users\jung family\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Users\JUNGFA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Users\jung family\AppData\Local\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Java\jre6\bin\jp2native.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll () MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Program Files\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (SiteAdvisor Service) -- File not found SRV - (AntiVirService) -- File not found SRV - 
(AntiVirSchedulerService) -- File not found SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech ) DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.) DRV - (ZSMC302) -- C:\Windows\System32\drivers\usbVM31b.sys (VM) DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM) DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes) DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.BAK (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=extensa_5630 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=extensa_5630 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=extensa_5630 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: 
"hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.23 21:55:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 14:37:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 14:37:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.22 20:26:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.22 20:26:40 | 000,000,000 | ---D | M] [2009.05.02 15:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.08.02 09:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\b8hr25zv.default\extensions [2010.08.15 15:00:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\b8hr25zv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.07.08 09:29:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\b8hr25zv.default\extensions\moveplayer@movenetworks.com [2011.07.10 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.05.07 14:20:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.10 21:37:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.23 21:55:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B8HR25ZV.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI [2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = 
C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: avast! 
WebRep = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ Hosts file not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64BE58C2-7683-47C1-9A16-73099F8C2557}: DhcpNameServer = O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{07d7b228-2280-11de-8c41-001d72e78fac}\Shell - "" = AutoRun O33 - MountPoints2\{07d7b228-2280-11de-8c41-001d72e78fac}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] 
-- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.23 21:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.11.23 21:56:01 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.11.23 21:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011.11.23 21:56:00 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.11.23 21:55:57 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.11.23 21:55:57 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.11.23 21:55:56 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.11.23 21:55:55 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.11.23 21:55:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.11.23 21:55:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.11.23 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.23 20:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.11.23 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011.11.18 20:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.16 18:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011.10.28 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.10.25 09:54:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NFS Underground 2 [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2009.03.13 19:55:17 | 000,049,152 | ---- | C] ( ) 
-- C:\Windows\Interop.IWshRuntimeLibrary.dll [12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.24 06:19:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.11.24 06:14:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.24 06:14:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.24 06:14:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.24 06:14:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.24 06:10:33 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.11.24 06:10:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.11.24 06:10:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.24 06:10:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.24 06:10:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.24 06:09:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.24 06:09:54 | 2072,891,392 | -HS- | M] () -- C:\hiberfil.sys [2011.11.23 23:43:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.23 21:57:39 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.11.23 21:56:01 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011.11.23 21:55:55 | 000,002,499 | ---- | M] () -- C:\Windows\System32\CONFIG.NT [2011.11.18 20:47:39 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.01 19:19:20 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 20:26:37 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.23 22:25:02 | 2072,891,392 | -HS- | C] () -- C:\hiberfil.sys [2011.11.23 21:57:39 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.11.23 21:56:01 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.11.18 20:47:39 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.01 19:19:20 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.28 20:26:37 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.10.22 19:03:08 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.08.31 09:00:01 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2011.08.02 08:28:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.13 10:42:56 | 000,023,580 | ---- | C] () -- 
C:\Users\Admin\AppData\Roaming\UserTile.png [2010.08.11 17:22:30 | 000,059,952 | ---- | C] () -- C:\Windows\KIMMWAED.DLL [2010.07.22 20:24:19 | 000,000,028 | ---- | C] () -- C:\Windows\Disney.ini [2009.10.17 16:38:48 | 000,001,305 | ---- | C] () -- C:\Windows\openhelp.ini [2009.10.17 16:38:48 | 000,000,331 | ---- | C] () -- C:\Windows\WINHELP.INI [2009.10.17 16:38:48 | 000,000,170 | ---- | C] () -- C:\Windows\TCW.INI [2009.10.17 16:38:22 | 000,000,200 | ---- | C] () -- C:\Windows\OWL.INI [2009.10.17 16:38:09 | 000,000,049 | ---- | C] () -- C:\Windows\workshop.ini [2009.10.12 22:12:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.08.17 10:57:32 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat [2009.08.05 19:17:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.05 19:17:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.19 19:51:52 | 000,000,889 | ---- | C] () -- C:\Windows\unvpeye.ini [2009.06.19 19:44:46 | 000,024,576 | ---- | C] () -- C:\Windows\System32\RunSetup.dll [2009.06.10 20:22:43 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2009.06.05 21:58:11 | 000,010,240 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.03 12:23:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.09 16:34:45 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe [2009.04.07 12:11:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.18 22:57:30 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI [2009.03.15 17:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.03.13 21:26:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.13 19:45:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.03.13 19:44:27 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1527.dll [2009.03.13 19:44:27 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2009.03.13 19:44:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2009.03.13 11:35:21 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.03.13 11:15:54 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.03.13 11:15:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.03.13 11:15:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.03.13 11:15:53 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.05.26 09:41:20 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.05.26 09:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.05.26 09:41:20 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.05.26 09:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.05.26 00:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.05.26 00:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.05.26 00:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.05.14 09:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.05.14 09:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.05.14 09:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 000,397,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 
11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.01.03 01:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.08.17 11:46:34 | 000,053,248 | ---- | C] () -- C:\Windows\rmvpeye.exe [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.06.24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll [2000.07.28 11:48:12 | 000,102,400 | ---- | C] () -- C:\Windows\japi.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.11.2011 06:16:53 - Run 1 OTL by OldTimer - Version Folder = C:\Users\jung family\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,98% Memory free 4,10 Gb Paging File | 2,96 Gb Available in Paging File | 72,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 6,64 Gb Free Space | 9,53% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 65,46 Gb Free Space | 94,00% Space Free | Partition Type: NTFS Computer Name: FAMILYLAPTOP-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{067DA8B6-7E80-473A-84CA-A14E6D55A964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07EA76A4-B0E9-4922-A558-A62A0690C40B}" = lport=445 | protocol=6 | dir=in | app=system | "{0861C63B-D807-4D29-A3E8-45E6593B872D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{0AD6919A-5606-4D42-AEC8-0540A1184BB8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{11368573-E65F-4896-94CD-7349F943A4BE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{12DCCE2F-6324-4F2B-9462-8F861240B14B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{148DA6F8-01CD-49A7-9B05-46A3F2AD3910}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{170BDAF5-CF1E-4FBD-B2B4-B4B7E73FBB0A}" = lport=137 | protocol=17 | dir=in | app=system | "{1A360092-F192-40CC-8630-77DDE593E21D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1DFF565F-67A1-4FD3-A86A-F0EBFDC7865A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{247FB462-3A58-493D-A68F-1E4F73FF8E0C}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2945BC61-5522-4E83-8858-531523A36F59}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2FEBE573-AAF4-4ED4-AA85-3E1DD2B71D9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D5934F6-9A29-4DB5-94A4-5609068EDCEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{4EADD348-ECEF-4135-80F7-41A52A5CE055}" = rport=139 | protocol=6 | dir=out | app=system | "{54019728-F4EB-4895-8FFC-B6AA1CF2B4EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{597CAB0E-5210-486D-97FE-40BB0D0812F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5FA46FD1-6E48-480D-A5D3-49AF58F9FB70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{608680CD-E543-4049-A46A-34E9999596DB}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{6CB157E4-FDE6-4C4A-9368-6452F355A328}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{723F7619-1FE0-401B-9A17-06CD331598C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{74A8F9A7-B8E0-417D-9A12-57E1B9531D94}" = rport=445 | protocol=6 | dir=out | app=system | "{76E8CB36-2A0C-40D6-9DA0-2C6ADE441683}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{7BF93A7B-580B-45C9-A900-51FC48AE9327}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{800BA4B7-4C66-45DC-87B5-2009111BC593}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{830B02FE-CA99-42F2-8155-76A1F3A0F110}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{85FB28E8-23E3-4AD7-8393-B6E180410DD8}" = rport=138 | protocol=17 | dir=out | 
app=system | "{866BD2CB-3A65-4BEE-8B92-37BA3AF17AE9}" = lport=138 | protocol=17 | dir=in | app=system | "{8C316600-143C-4A26-8221-9849EA71C843}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99919A9F-3384-400E-A7C7-9E69B983A715}" = rport=2869 | protocol=6 | dir=out | app=system | "{9BA0252F-EFBC-4050-9D21-2792D31986AF}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{A02164EA-4041-4FBE-887C-3BE854BB0F75}" = rport=137 | protocol=17 | dir=out | app=system | "{A5D7889F-85F0-4F03-AB16-97CF7F382D4E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{A6C5EB80-888F-4610-BFDE-9584F355F48E}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{A8CBD082-3BE2-4325-A0F7-DBF38E9C5923}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A9C6151D-12E5-417A-8FE9-1F656D1A3367}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{AEDA8A68-944B-496C-9EB4-FDB066CE45BB}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{BB3B0A45-D603-456A-B502-B90E0869F4C1}" = lport=8303 | protocol=17 | dir=in | name=teeworlds_srv port | "{BDEC5DB9-D104-4128-9AF6-7278D4F175DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BE35A761-54AD-4A5B-805A-97CBD3716834}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D0618F6C-B2CF-47C0-9C88-9AC38985EB4C}" = lport=139 | protocol=6 | dir=in | app=system | "{D8D2543C-6326-4554-B69C-38E3B0673A61}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D9D98DD6-36D3-427A-BBD9-7911B798FA65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DB9CA539-8ED1-4D39-93BA-0DF79C4A1FB4}" = lport=1900 | protocol=17 | 
dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E6946CA0-7704-41EF-B093-32E266CB99E1}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{E94047EF-E2BB-4D80-8462-F7D83DD2BA96}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{EBBE2318-5E4E-4A0B-BF1E-E48F3D41C1E3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1289F94E-5FDB-44C2-A198-784138034CEE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1305D40C-3268-4348-8D31-1DB7E0B54D50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{13490AEB-46E9-4536-B831-421236219429}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{1C939CF6-89A6-4590-B915-B54AE49F363C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2E507DC7-8C7D-4724-AA1E-BD7D251BE364}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2F372A23-4714-4F11-86DE-870A5B678295}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{32D8978A-B13F-43FF-8C81-1ACE37ECEBAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3307D98A-1AEF-47B9-B187-42DB30C6E1DC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{3C0E730F-BB7F-4BB6-AA12-0162AB6BEBBC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{4BB4EEA6-B83C-4190-B7E3-3DA6E36EF447}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5C573636-4C1E-4FAD-AB53-14B26150F76B}" = protocol=6 | dir=in 
| app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{66AF7BA7-DE84-4E21-BD0E-6FC1A6B8EAAE}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{7996932F-8F4E-45BB-8B88-3F0F811B6FAC}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\{0bddc15e-b78d-4536-b92f-09ba0d7eb05c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{7AEB602B-FCFB-4BBD-8B14-A45215FD0023}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{99BFF717-56E0-4939-BF3D-830E2B3067C4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{ABF87E4B-BD31-448E-A7F4-FD06FC33A8BD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{B64B4097-5B16-475C-92B8-5681BA2E6846}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{BC8300D5-F131-4C45-9E12-1F1FE498AECC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BDB9EA45-BC9E-436A-95C0-1AE0B186FCE0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{C01C3EB7-A835-4110-92BC-E7A96CB11961}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C40B16FF-EA5D-4124-ABD8-4CB92D9515DC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{D4364CC7-EE61-479A-9A59-28E646555194}" = protocol=6 | dir=in | app=c:\users\jung family\desktop\cod 4\cod4 singleplayer\call of 
duty 4 - modern warfare\iw3mp.exe | "{D781835E-B2BF-4D5A-B20D-3E8DD1CBC39A}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{D9695A9E-8417-448E-A853-61403A67A979}" = protocol=17 | dir=in | app=c:\users\jung family\desktop\cod 4\cod4 singleplayer\call of duty 4 - modern warfare\iw3mp.exe | "{D996D0B4-739A-4848-9B95-78DC331024AC}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\{0bddc15e-b78d-4536-b92f-09ba0d7eb05c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{E546BA11-83FF-454D-AD95-35ECEB738483}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{E90DFAEB-0BBA-44AC-B33E-531109AFCA95}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{F04A2B9C-FCD2-4552-B728-C11D6168C434}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{F8728850-61DA-4C9D-AB9C-0FD46B726DD4}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{FD260E25-D42C-4E13-A091-51A912D53AC7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "TCP Query User{05D077DE-10BF-473C-B018-FF37CC3921D0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{3512A074-EDB8-44F3-B363-143682C03407}C:\users\jung family\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\jung family\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe | "TCP Query User{5FE34025-5D15-45F6-A226-BE4F69241773}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{60512B28-8D87-4087-8A7E-6686B8F6F57F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\dplaysvr.exe | "TCP Query User{7CA8D743-EDBF-4575-B3D2-AF5AAC0D050A}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe | "TCP Query User{922F29D3-E3E8-4AD0-85A2-557029754B5C}C:\program files\cc2000\smartphone.exe" = protocol=6 | dir=in | app=c:\program files\cc2000\smartphone.exe | "TCP Query User{92676BB9-3922-474A-A003-21E68C16AC90}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{ADFDAA78-BB12-4C83-A660-915D10A4F143}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{C2F80B90-BD4F-4308-9051-8CA31459A81C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D372E17D-518F-46E3-A7B9-062DE69CE05B}G:\icq6.5\icq.exe" = protocol=6 | dir=in | app=g:\icq6.5\icq.exe | "TCP Query User{D6C6270F-C61B-49D6-8125-FC9116C77230}F:\app\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\app\skypeportable\app\skype\phone\skype.exe | "TCP Query User{EDBF3AD5-56EC-4DFA-99FC-1B6ED39F7276}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{0DE1D870-B91D-469E-8D04-F328513B63C6}F:\neuer ordner\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\neuer ordner\skypeportable\app\skype\phone\skype.exe | "UDP Query User{10208F71-033B-4717-A092-FBB473FE5CFC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{28344E8B-37CD-44BF-A140-B86BFBA934FB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{38BEF3D9-A36D-4318-A208-DA11E7BE9E78}C:\program files\mozilla 
firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6121D0E4-F531-4DD3-B891-F242FB507014}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{6FB89B9A-71A6-4FF5-A978-CF15B42F7CFD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9EBD5EFE-EE74-4A82-8490-6A797BCBDBFB}C:\multimedia files\my media\national guard\guard shield\prism.exe" = protocol=17 | dir=in | app=c:\multimedia files\my media\national guard\guard shield\prism.exe | "UDP Query User{B4072CD4-40A4-45CD-BE4C-91E4B9DA50FE}C:\users\jung family\documents\dx9\cod4 singleplayer\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jung family\documents\dx9\cod4 singleplayer\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{BE354F1F-8E9D-4B59-A001-14424032E56A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{D33A3ACB-4F63-4E64-84AE-AFBF344864AB}C:\program files\cc2000\smartphone.exe" = protocol=17 | dir=in | app=c:\program files\cc2000\smartphone.exe | "UDP Query User{F6BD4D97-14EF-4928-8DBC-A6A98E27D17B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86) "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{93E24D32-82FA-443E-9CE0-2639CE8A0AA1}" = Reflex XTR "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "avast" = avast! Free Antivirus "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "DVD Region Killer" = DVD Region Killer "DVD Shrink_is1" = DVD Shrink 3.2 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "GridVista" = Acer GridVista "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MotoCalc 6.05" = MotoCalc 6.05 "MotoCalc 7_is1" = 
MotoCalc 7.09 "MotoCalc 8_is1" = MotoCalc 8.07 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird (" = Mozilla Thunderbird ( "Mp3tag" = Mp3tag v2.46a "New LEGO Digital Designer" = LEGO Digital Designer "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "TuxGuitar" = TuxGuitar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.09.2010 11:21:37 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.09.2010 13:47:21 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.09.2010 13:47:21 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.09.2010 13:47:37 | Computer Name = FamilyLaptop-PC | Source = WinMgmt | ID = 10 Description = Error - 12.09.2010 14:14:56 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.09.2010 14:14:56 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.09.2010 14:15:07 | Computer Name = FamilyLaptop-PC | Source = WinMgmt | ID = 10 Description = Error - 13.09.2010 14:26:25 | Computer Name = FamilyLaptop-PC | Source = WinMgmt | ID = 10 Description = Error - 13.09.2010 14:26:35 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.09.2010 14:26:35 | Computer Name = FamilyLaptop-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 23.11.2011 17:20:35 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.11.2011 17:20:35 | 
Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.11.2011 17:20:35 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.11.2011 17:25:59 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.11.2011 17:25:59 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.11.2011 17:25:59 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.11.2011 17:25:59 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.11.2011 01:10:38 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.11.2011 01:10:38 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.11.2011 01:10:38 | Computer Name = FamilyLaptop-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > ShadowGhost |
| #4 |
/// Malware-holic | Commerzbank Online-Banking Phishing??? Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| #5 |
| Commerzbank Online-Banking Phishing??? Hi, ComboFix.txt: Code:
ATTFilter ComboFix 11-11-23.03 - Admin 24.11.2011 17:39:07.3.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1976.904 [GMT 1:00] ausgeführt von:: c:\users\jung family\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.txt c:\windows\winhelp.ini . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt . -------- . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-24 bis 2011-11-24 )))))))))))))))))))))))))))))) . . 2011-11-24 16:49 . 2011-11-24 16:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B924A5D-D784-4E8A-9217-BA14B973F024}\offreg.dll 2011-11-24 16:48 . 2011-11-24 16:58 -------- d-----w- c:\users\Admin\AppData\Local\temp 2011-11-24 16:48 . 2011-11-24 16:57 -------- d-----w- c:\users\jung family\AppData\Local\temp 2011-11-24 16:48 . 2011-11-24 16:48 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-11-24 16:48 . 2011-11-24 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-24 08:30 . 2011-11-24 08:30 -------- d-----w- c:\users\jung family\AppData\Local\Google 2011-11-24 05:35 . 2011-11-24 05:35 -------- d-----w- c:\program files\MSECache 2011-11-23 20:56 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-23 20:56 . 
2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-23 20:55 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-23 20:55 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-23 20:55 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-23 20:55 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-11-23 20:55 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr 2011-11-23 20:55 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-23 20:45 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B924A5D-D784-4E8A-9217-BA14B973F024}\mpengine.dll 2011-11-23 19:25 . 2011-11-23 19:25 -------- d-----w- c:\programdata\AVAST Software 2011-11-23 19:25 . 2011-11-23 19:25 -------- d-----w- c:\program files\AVAST Software 2011-11-16 17:21 . 2011-11-16 21:37 -------- d-----w- c:\program files\7-Zip 2011-11-15 19:44 . 2011-11-15 19:52 -------- d-----w- c:\users\Public\priiloader 2011-11-15 19:44 . 2011-11-15 19:52 -------- d-----w- c:\users\Public\private 2011-11-15 19:43 . 2011-11-15 19:53 -------- d-----w- c:\users\Public\hacks 2011-11-15 19:43 . 2011-11-15 19:52 -------- d-----w- c:\users\Public\ios 2011-11-15 19:43 . 2011-11-15 19:52 -------- d-----w- c:\users\Public\apps 2011-11-08 21:28 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-11-08 21:27 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-08 21:27 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-13 19:28 . 2011-09-13 19:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-06 13:30 . 2011-10-13 04:21 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-09-01 02:35 . 
2011-10-14 18:58 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 18:58 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 18:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 16:00 . 2011-06-13 15:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 16:40 . 2011-05-07 13:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eRecoveryService"="" [BU]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9fe4594a898ea;Google Update Service (gupdate1c9fe4594a898ea);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-03-18 47360]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2004-03-19 90968]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-01-02 223232]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
S3 RegKill;RegKill;c:\windows\system32\Drivers\RegKill.sys [2002-11-27 6400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-06 14:18]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 14:25]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 14:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=extensa_5630
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=extensa_5630
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b8hr25zv.default\
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-CodeBlocks - c:\program files\CodeBlocks\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-24 17:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5652)
c:\windows\System32\SysHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\RtHDVCpl.exe
c:\users\JUNGFA~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\conime.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\Taskmgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\LogonUI.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\consent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-24 18:03:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-24 17:03
.
Vor Suchlauf: 13 Verzeichnis(se), 15.738.925.056 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 15.586.713.600 Bytes frei
.
- - End Of File - - 50ABE91EB21B696ABFC61AFB4EC69A36

Best regards, ShadowGhost |
| #6 |
/// Malware-holic | Commerzbank Online-Banking Phishing??? Open Computer, C:, Qoobox, pack the Quarantine folder with WinRAR, ZIP, 7-Zip or another archiver and upload it following the instructions. http://www.trojaner-board.de/54791-a...ner-board.html |
| #7 |
/// Malware-holic | Commerzbank Online-Banking Phishing??? Hi, you have a SpyEye trojan on this PC. This system is no longer secure, no matter how many programs we use. I would therefore suggest that you back up your data, such as pictures and documents (personal items). Then, if necessary, I will explain how to reinstall the system. After that I will show you how to secure it properly. Then all passwords must be changed.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |