Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Banking Trojaner

Banking Trojaner


Plagegeister aller Art und deren Bekämpfung: Banking Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.08.2012, 16:41   #1
meik78
 
Banking Trojaner - Standard

Banking Trojaner


Hallo zusammen,

lt. meiner Sparkasse habe ich einen Trojaner mitb_3.
Das Programm SecureBanking meldet sich öffter, dass was gefunden wurde.
Aber wie werde ich das los?
Habe in der registry im /run Ordner sechs Dateien, alle löschen und dann ists vorbei? Vielleicht habt Ihr ne Idee dazu. Vielen Dank im vorraus.

Meik

Alt 24.08.2012, 02:34   #2
t'john
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner




1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 24.08.2012, 15:20   #3
SecureBanking
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner


Vielleicht sei noch zu erwähnen, dass der Trojaner von Secure Banking als "Citadel" identifiziert wurde.
__________________
__________________
Alt 25.08.2012, 15:20   #4
meik78
 
Banking Trojaner - Standard

Banking Trojaner


Danke für die Antworten!

Das Programm OTL kann ich nicht installieren, der download wird abgebrochen. Mit der Windows meldung, dass das Programm selten runtergeladen wird und das System beschädigen kann.

SecureBanking log:


========================================
[25.08.2012 - 13:40:21] Malware gefunden!
----------------------------------------
Malware: Citadel
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
HttpSendRequestW: RET 0x0015D7A6
HttpSendRequestA: RET 0x0015D7FB
InternetReadFile: RET 0x0015DA8D
InternetQueryDataAvailable: RET 0x0015DB94
========================================

========================================
[25.08.2012 - 13:40:51] Malware gefunden!
----------------------------------------
Malware: Citadel
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
HttpSendRequestW: RET 0x0004D7A6
HttpSendRequestA: RET 0x0004D7FB
InternetReadFile: RET 0x0004DA8D
InternetQueryDataAvailable: RET 0x0004DB94
========================================

========================================
[25.08.2012 - 13:44:08] Malware gefunden!
----------------------------------------
Malware:
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
HttpSendRequestW: RET 0x0004D7A6
HttpSendRequestA: RET 0x0004D7FB
InternetReadFile: RET 0x0004DA8D
InternetQueryDataAvailable: RET 0x0004DB94
========================================

========================================
[25.08.2012 - 13:44:29] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
HttpSendRequestW: RET 0x0004D7A6
HttpSendRequestA: RET 0x0004D7FB
InternetReadFile: RET 0x0004DA8D
InternetQueryDataAvailable: RET 0x0004DB94
========================================

========================================
[25.08.2012 - 13:49:02] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
HttpSendRequestW: RET 0x0004D7A6
HttpSendRequestA: RET 0x0004D7FB
InternetReadFile: RET 0x0004DA8D
InternetQueryDataAvailable: RET 0x0004DB94
========================================

Malewarebytes hat nichts gefunden.
Hier das log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meik :: HNPC4 [Administrator]

25.08.2012 13:53:06
mbam-log-2012-08-25 (13-53-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 692832
Laufzeit: 1 Stunde(n), 57 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Wie werd ich das los??

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.08.2012 22:10:53 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Meik\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 35,32% Memory free
6,73 Gb Paging File | 4,47 Gb Available in Paging File | 66,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,80 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive D: | 882,68 Gb Total Space | 771,01 Gb Free Space | 87,35% Space Free | Partition Type: NTFS
 
Computer Name: HNPC4 | User Name: Meik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Meik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking)
PRC - C:\Programme\Secure Banking\sbservice.exe ()
PRC - C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Programme\Iminent\IMBooster\IMBooster.exe (Iminent)
PRC - C:\Programme\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Dateien\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - D:\Dateien\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - D:\Dateien\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - D:\Dateien\PDF-Viewer\PDF Viewer\PDFXCview.exe (Tracker Software Products Ltd.)
PRC - D:\Dateien\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - D:\Dateien\WinRaR\WinRAR.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - D:\Dateien\Sony\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Programme\Secure Banking\funcs.dll ()
MOD - C:\Programme\Secure Banking\SecureBanking.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Secure Banking\sbservice.exe ()
MOD - C:\Programme\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll ()
MOD - C:\Programme\Iminent\IMBooster\Iminent.Windows.dll ()
MOD - C:\Programme\Iminent\IMBooster\Iminent.Workflow.dll ()
MOD - C:\Programme\Iminent\IMBooster\Iminent.Services.dll ()
MOD - C:\Programme\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()
MOD - C:\Programme\Iminent\IMBooster\Iminent.Booster.UI.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - D:\Dateien\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - D:\Dateien\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\BullGuard Ltd\BullGuard\libxml2.dll ()
MOD - D:\Dateien\WinRaR\WinRAR.exe ()
MOD - C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll ()
MOD - C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll ()
MOD - C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (BRA_Scheduler) -- D:\Brother\bratimer.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (BsBrowser) -- C:\Programme\BullGuard Ltd\BullGuard\BsBrowser.dll (BullGuard Ltd.)
SRV - (BgRaSvc) -- C:\Programme\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)
SRV - (BsFire) -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsMain) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- D:\Dateien\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MYMOVIES) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (AppBoosterService) -- C:\Programme\Common Files\PCSUITE Common\BoostService.exe (MARKEMENT)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD Reservation Manager) -- D:\Dateien\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (PMBDeviceInfoProvider) -- D:\Dateien\Sony\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe (mst software GmbH, Germany)
SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\essvr.exe ()
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (dtwmnic5) -- system32\DRIVERS\dtwmnic5.sys File not found
DRV - (aa07fov6) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (Trufos) -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\profos.sys (BitDefender S.R.L.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.msn.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20120418,17133,0,18,0
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 22 BA 8F A3 54 CB 01  [binary data]
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes,DefaultScope = {D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0}
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{321DB656-B6E6-4161-8B18-6904A058FF6E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{3246700F-57CB-470B-A231-BCBBA6D5270D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{5C3EE550-D9D3-4123-A80D-84AE1D42027A}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4D570500-FDAC-4AFC-B702-F1D9BAE07717}&mid=5c0357e61bc247d19307bdb90f984ec4-b298b7ef7a5a5d31f3f958b31a803c0e017f7381&lang=de&ds=tt014&pr=sa&d=2011-12-13 20:24:18&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com/?cid={2E2CBE43-BE95-4C72-83D8-1E30B8FCFD3E}&mid=5c0357e61bc247d19307bdb90f984ec4-b298b7ef7a5a5d31f3f958b31a803c0e017f7381&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.13 21:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2011.12.14 10:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.22 19:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2011.12.14 10:17:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2011.12.14 22:35:29 | 000,000,000 | ---D | M]
 
[2011.07.17 19:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik\AppData\Roaming\mozilla\Extensions
[2012.08.08 20:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik\AppData\Roaming\mozilla\Firefox\Profiles\988eiaou.default\extensions
[2011.11.09 10:59:08 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Meik\AppData\Roaming\mozilla\Firefox\Profiles\988eiaou.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011.12.13 21:24:10 | 000,003,741 | ---- | M] () -- C:\Users\Meik\AppData\Roaming\Mozilla\Firefox\Profiles\988eiaou.default\searchplugins\avg-secure-search.xml
[2012.01.09 15:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.22 19:48:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.08 20:39:02 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.08.22 19:48:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.01 09:34:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.01 09:34:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.01 09:34:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.01 09:34:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.01 09:34:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.01 09:34:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Meik\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Dateien\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [Irerevn] C:\Users\Meik\AppData\Roaming\Otyl\yqrex.exe File not found
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [Izezdy] C:\Users\Meik\AppData\Roaming\Cipi\ybvim.exe File not found
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [SecureBanking] C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Dateien\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Dateien\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://shop.nord.aldifotos.de/shop/aurigma/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.62.64.34 217.237.149.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{291AD884-C6F3-43E9-B7FD-4816D126364D}: DhcpNameServer = 212.62.64.34 217.237.149.225
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Meik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Meik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.01.10 13:13:10 | 000,000,000 | ---D | M] - D:\AutoSicherung -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.25 13:51:45 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.25 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\Meik\AppData\Roaming\Malwarebytes
[2012.08.25 13:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.25 13:51:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.25 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.21 18:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Banking
[2012.08.19 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\Meik\AppData\Roaming\Zipo
[2012.08.19 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\Meik\AppData\Roaming\Niqeu
[2012.08.19 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\Meik\AppData\Roaming\Cipi
[2012.08.17 21:12:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.17 21:12:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 21:12:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 21:12:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 21:12:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 21:12:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.17 21:12:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 21:12:13 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Meik\Documents\Adventure Game Files
[2012.08.08 20:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.08.08 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.08.08 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.08.01 09:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.01 09:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.25 22:05:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.25 21:54:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.25 21:31:30 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 21:31:30 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 19:54:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.25 19:04:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.08.25 16:09:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.25 13:51:24 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 13:36:27 | 000,678,722 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.25 13:36:27 | 000,645,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.25 13:36:27 | 000,144,780 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.25 13:36:27 | 000,122,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.25 09:31:38 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.25 09:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 21:58:35 | 000,000,996 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk
[2012.08.22 21:58:36 | 000,002,521 | ---- | M] () -- C:\Users\Meik\Desktop\HiJackThis.lnk
[2012.08.21 18:47:06 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2012.08.19 12:00:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\xipbbkhvxxwzdkb
[2012.08.18 01:33:18 | 000,754,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.16 17:06:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.16 17:06:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.16 17:05:58 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.08.12 13:33:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.25 13:51:24 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 18:47:06 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2012.08.19 12:00:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\xipbbkhvxxwzdkb
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.07 18:03:08 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.02 23:00:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2011.10.22 17:57:01 | 000,000,410 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.10.22 17:57:01 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.10.22 17:56:24 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.10.22 17:56:17 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.10.22 17:56:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.10.22 17:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.22 17:41:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.22 17:41:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.10.22 13:59:40 | 000,000,399 | ---- | C] () -- C:\Windows\Capictrl.INI
[2011.10.22 13:58:16 | 000,000,026 | ---- | C] () -- C:\Windows\HNetCtrl.INI
[2011.10.22 13:30:49 | 000,287,744 | ---- | C] () -- C:\Windows\uno364mi.dll
[2011.10.22 13:30:49 | 000,109,568 | ---- | C] () -- C:\Windows\vos364mi.dll
[2011.10.22 13:30:49 | 000,091,648 | ---- | C] () -- C:\Windows\osl364mi.dll
[2011.10.22 13:30:49 | 000,000,137 | ---- | C] () -- C:\Windows\uno.ini
[2011.10.22 13:28:06 | 000,000,039 | ---- | C] () -- C:\Windows\progman.ini
[2011.10.22 13:25:56 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.22 13:25:56 | 000,000,136 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.22 13:24:44 | 000,000,078 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2011.07.17 20:39:19 | 000,000,600 | ---- | C] () -- C:\Users\Meik\AppData\Local\PUTTY.RND
[2011.07.17 19:57:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.22 12:24:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.03 20:10:54 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.11.21 01:43:04 | 000,171,056 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.09.14 10:35:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.03 23:10:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.30 21:13:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.30 21:13:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.30 21:13:16 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.29 14:58:53 | 000,122,880 | ---- | C] () -- C:\Users\Meik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.28 17:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.28 17:15:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.08.28 17:12:24 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.08.28 17:12:24 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.08.28 17:09:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.28 17:04:50 | 000,000,680 | ---- | C] () -- C:\Users\Meik\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.06.01 16:56:21 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\.minecraft
[2011.10.18 14:12:31 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\aborange
[2011.07.06 10:36:47 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Astroburn Pro
[2011.12.15 13:15:50 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\BullGuard
[2012.08.25 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Cipi
[2011.11.09 10:59:08 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Complitly
[2010.08.28 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 11:59:52 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\DataDesign
[2012.04.10 20:39:01 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\elsterformular
[2011.01.03 20:24:36 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\FILEminimizerPictures
[2012.04.30 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\FinalMediaPlayer
[2012.01.07 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\FRITZ!
[2010.12.18 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\ICQ
[2012.04.09 10:41:20 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Lexware
[2010.08.28 22:03:54 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\LolClient
[2010.08.29 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\MAP&GUIDE
[2012.08.25 22:13:12 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Niqeu
[2012.06.17 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Olosb
[2012.06.18 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Otyl
[2011.10.23 12:37:40 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\PC-FAX TX
[2012.04.08 16:49:18 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\TuneUp Software
[2012.06.17 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Uhyr
[2011.12.10 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\uTorrent
[2010.11.14 21:30:04 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\VistaCodecs
[2012.08.19 11:58:57 | 000,000,000 | ---D | M] -- C:\Users\Meik\AppData\Roaming\Zipo
[2012.08.25 19:04:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012.08.23 21:58:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.31 14:21:15 | 000,032,768 | -HS- | C] ()(C:\Users\Meik\Desktop\?????????????????????????????????) -- C:\Users\Meik\Desktop\㩃啜敳獲䵜牡屣灁䑰瑡屡潒浡湩屧楍牣獯景屴楗摮睯屳牐癩捡䕉楜摮硥搮瑡
[2011.07.31 14:21:14 | 000,032,768 | -HS- | M] ()(C:\Users\Meik\Desktop\?????????????????????????????????) -- C:\Users\Meik\Desktop\㩃啜敳獲䵜牡屣灁䑰瑡屡潒浡湩屧楍牣獯景屴楗摮睯屳牐癩捡䕉楜摮硥搮瑡

< End of report >
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.08.2012 22:10:53 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Meik\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 35,32% Memory free
6,73 Gb Paging File | 4,47 Gb Available in Paging File | 66,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,80 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive D: | 882,68 Gb Total Space | 771,01 Gb Free Space | 87,35% Space Free | Partition Type: NTFS
 
Computer Name: HNPC4 | User Name: Meik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019B5C71-2B2C-47B5-BF8A-2C60B87402A4}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher | 
"{0263CFE1-1116-4805-B7E4-113B47ADA778}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{02E69D2D-8D32-44B9-8F9F-DE39C52C394D}" = lport=58893 | protocol=17 | dir=in | name=pando media booster | 
"{09CF01D2-50A6-4CA7-9674-D6E29B980470}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{09E1D20D-99CE-494C-9C20-B08D06A98276}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0DE7E069-3224-4382-BFC9-5FB9A36507FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F90DC95-DCC6-4332-B007-11469EBD0680}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{16995276-92EF-4948-9816-64B437B63E4F}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{1E4E3237-9BFF-46E7-9E47-C896988122CE}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{1FD4DF09-4DD8-4107-83D7-2947473C123D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{2818281E-B1D5-4A3A-BCF2-9BF25FB38972}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher | 
"{2A1C6BAB-9AD6-4519-8571-F9C0B7264783}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2A3E9349-980E-4398-8AF2-4CCC803A9CA1}" = lport=58893 | protocol=17 | dir=in | name=pando media booster | 
"{2BB0FAF7-BBE8-408D-A4B3-698A1BC796B1}" = lport=56707 | protocol=6 | dir=in | name=pando media booster | 
"{2DB840AC-2050-430B-BA48-2DC3DDE2A460}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2DDA494B-062B-46B4-9FE0-7FB58193BEB7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{30FF12BC-B02B-4508-8251-0A5EDBB38B3B}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{32B51C37-F6F8-4025-B78A-CB3F64E422B6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34823ADB-CD38-49A3-91CB-F61D78B11BBA}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{35A59612-193C-46E5-8BA0-2F7E457C866C}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{36062857-4F78-4CE9-A5DD-71E81B0034F0}" = lport=56707 | protocol=17 | dir=in | name=pando media booster | 
"{3B5A4C40-6235-45ED-8161-3306E7126E2E}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{3E76C201-B122-4FA1-98B3-2D06A7A7FDD3}" = lport=58893 | protocol=6 | dir=in | name=pando media booster | 
"{426B7AE3-E2C1-4B12-BD64-2E285C237E0C}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{42E7C6A8-0F92-4314-9FDB-85F111EF2BBC}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher | 
"{47953D86-90AE-4B80-89E9-76F3DD88A6E3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4B9AC8A1-BEB7-4C1F-9E08-4F665E547599}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BA5EB84-8352-4C58-A310-9F0FF09C0F20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EA477ED-368E-4FA5-B238-C8F3DC4E998F}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{5446244D-FEC1-4248-8276-6185DBD3F2F8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59642D1F-506A-4B69-9520-CB95FB329FE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4DA052-5A0A-4A4E-8EC5-88B1CFE357D3}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{5AFAC671-4092-4B04-8A76-DC9964C2B751}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{5B145E58-0B84-4342-A66A-E9F0CA8FB401}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 
"{5B4D37D6-0163-4127-8E02-0B37E36266CD}" = lport=56707 | protocol=17 | dir=in | name=pando media booster | 
"{5DA0791F-8FB5-432F-B1C0-C01AA7236BC8}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{6A1750EA-7F2C-4E13-B534-01D3CF4763A3}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 
"{6AD923CB-5AB3-4D27-952B-A13AD24DEE86}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6EE8A4A7-9A02-455A-9488-7F6AA964B6CE}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{76603D56-1335-49C7-9E59-4282AEE3DE62}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88557CE5-2811-4DBD-A396-F182E6C4258E}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher | 
"{8FBECD52-61BC-4BDE-9029-64B3BC2B0EB1}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{94803408-DC23-43F8-847E-314F4CB8CE24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{9D2C1921-D37D-4A1C-8388-B16A53EB8C36}" = lport=51408 | protocol=6 | dir=in | name=my movies remote server | 
"{A4218B08-D7E7-496E-A313-D832A0FC0200}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{A97DD320-D41C-4E66-824A-2C3F4D432FB1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{A9FA88D7-452C-487C-A4D5-9ED4C9CBEB5B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE0F58DD-69BB-4466-8CF2-83C085110282}" = lport=58893 | protocol=6 | dir=in | name=pando media booster | 
"{AF0CE1AC-1EC9-4823-B38F-3E238EC32167}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher | 
"{B463E248-17A4-407B-AB19-21333782C5FD}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{B5BE99A8-7251-41C5-A2BC-E6B4AE1CFD14}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | 
"{BA8B4C0C-D7C3-4DC5-9BF2-CDA28CEFBC8B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BC78F4AF-B52A-47DD-B31D-EFFE2A249040}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher | 
"{BF4E9FD6-671D-4C25-9C7C-D8E23CC390A1}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{C03C7D98-BE90-40CB-983C-84A2E5E03017}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{C59AB424-6447-486B-888B-7D04803463B7}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher | 
"{C812BCD3-9F24-48FB-8177-6D4C8CDFFEB5}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher | 
"{CB979164-B2BB-4297-B72A-B85325A3CB9A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D47871A5-ADEA-43BB-A9B7-888D6EDF6ABB}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher | 
"{D69B1E7A-EFB2-42CE-82C9-61D410E33404}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E075DFE0-6865-49D5-A93A-2546EE84DA74}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC0D2883-F06A-409B-B0B7-EAB5E977ACB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EDB1F411-4A41-4B1A-877E-7EC08650B89E}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | 
"{EEF58A72-1FAE-4792-BE73-323B0B8623E9}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher | 
"{F54D0FBE-8E94-4CAC-BA9E-CC5F8F1EADB3}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{F6219A3A-04A3-4E30-8C4D-C39E9BAD5BC7}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher | 
"{F69448EC-826A-46A2-8923-4A904AD0C75D}" = lport=56707 | protocol=6 | dir=in | name=pando media booster | 
"{FB163300-BF1A-4E0F-8ECF-B9E2D5DAA0D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FCBDABAE-DA66-486C-B5DE-779A8CAD105C}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04ECB360-C246-4947-9CDB-4A8BED7CBBE1}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\bradminv3.exe | 
"{06478502-F0CB-4ED7-BBCE-43840B7D99B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0648E42C-739C-453A-B93A-141DC181333C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06AEC8CA-F6D0-41DF-A282-D5C858C243C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0708567A-A22A-49B4-BAA1-0346FF33AFAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{088A8CD1-5291-4F20-99DC-DA174BA30A66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BCF394E-6A64-4A07-B28B-BDB41EB8EE81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E244282-7687-4EE7-9A5D-5C321FF74FA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E534D0A-9BB8-457F-A719-DE895490C689}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F58C66E-4797-4582-8D27-861B64C8E107}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FB148DF-3BDD-46DC-AFE3-C5048ACDDF0D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{105A7D4A-9CD2-445D-84B0-64E7E8A5ABC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12213D37-E4BD-41B5-B459-D9DC729AA8C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{12AE38AD-D960-4841-AFC1-E6F09D018697}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12E74B0E-FF7A-4C03-BEAB-D19A6D820562}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{13837F65-6A11-447B-A51F-BF0B097BDCFF}" = protocol=6 | dir=in | app=d:\lol-us\air\lolclient.exe | 
"{1B4E8C94-446D-41C3-BB6C-3529EC15B25B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C0F1F57-5EEB-49DA-9188-FC534D41B350}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C7A240E-3548-4EDE-AB43-7D14D27BB66C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E3DD755-4573-464C-863D-5A1308ACD717}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2088E1AD-21E7-4725-9477-C4CBF6062919}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{22BBD7BA-DC5A-4D1F-A42E-57C11F33BC9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{243996B2-499C-4365-9D5B-0927CE7CF93E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{246F385F-1703-492D-9764-606A56BC8DE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{288DFD7C-8B4E-4CEB-AB30-3E3D40D02287}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B2DC6F5-8A92-4D14-980A-6725AD173241}" = protocol=17 | dir=in | app=d:\lol-eu\air\lolclient.exe | 
"{2BDBC7BB-CBD2-4C0C-9C4A-98AC75F797F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C7434D3-C832-4BCA-A1FD-873B4F343092}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D0320B5-8EE4-4060-9C2C-2CC2D77F5C5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D510CB3-A5FD-46E3-A10B-57A2A7027B26}" = protocol=6 | dir=in | app=d:\lol\game\league of legends.exe | 
"{2D6137F6-40F8-464F-80E0-4FCF2EBE53FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DDE9AB2-7DCE-4E5E-A0BF-E33DB878DCAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E303830-8AE2-4FBD-92EC-F89DC814C486}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FF56284-A7FF-4CA8-BD05-AA372C319576}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe | 
"{326D490E-97E4-4C02-BCBF-3F5BD95286F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{348A9DA1-3017-44CF-A663-E183371BD09C}" = protocol=6 | dir=in | app=d:\lol-eu\game\league of legends.exe | 
"{35F84937-7E56-43B8-8E9B-4DF8827CF826}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{363CFB3F-4E6D-411C-AA52-33D69C5B745B}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{38FC93D5-1A40-48AD-AC0D-DF08AFC0439F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B1AD8BD-E636-4165-96C0-FA784C1EE147}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BE806A6-7BD4-4E92-BC4A-39BDE8129E1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3CD6700B-33C8-4182-A485-4552320C13B3}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{3E46C3F1-51C3-4728-A00D-FA0FA395AF37}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EA30F2D-7DB1-4B8A-82C1-576A9FADA846}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F6A9BEB-CE62-4DA3-ACD6-E856945A93E5}" = protocol=17 | dir=in | app=c:\program files\tuneup utilities 2012\oneclick.exe | 
"{4019FB37-E6F9-447D-B785-A14F1B6A09EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4430FF4A-F23D-4E23-A443-899FF403119F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4552612D-8116-4562-957E-58323B3602EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45EB3158-0E08-475B-9B2D-ABB6EE118C95}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{469A890F-5383-4A7A-B963-8BDD77E11E84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48173430-6C3E-4C86-8BA9-89D459F786EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A9F22E4-45AF-48C2-8000-D9066A11895F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AB5AB17-1E75-4CED-B06A-2F795CA2645E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AE86BC9-D09C-4886-ABB3-3657BD95175D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C5BB0C2-4143-4276-ACCB-71D054BF460A}" = protocol=17 | dir=in | app=d:\lol-us\lol.launcher.exe | 
"{500F1504-43A5-4456-BBEF-31BD84536953}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5011E778-A091-44F7-8BB9-D520879EB78D}" = protocol=6 | dir=in | app=d:\lol\air\lolclient.exe | 
"{50C9EA54-AA44-4219-BA95-A621050789DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{518B77A1-A5A2-4873-818F-687E78347477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52D00A30-8CA0-4995-A98A-12745633BC8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{530EBA36-3AB9-4897-9391-E3EB2E4E95AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53769855-8A3D-4E1A-BDF7-6CB05628FA90}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56DF7E2C-551B-43F8-BE72-1054828AE517}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58E1A5AD-6A1A-4ACC-A013-7C9DC7E338C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CAD272D-9699-47B8-AFC1-0DCD600FA360}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5EC35E00-6E68-4A24-A538-53E50F88CCCA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{623F134E-424E-4190-A9D3-6E5146DC5775}" = protocol=6 | dir=in | app=d:\lol-eu\air\lolclient.exe | 
"{63CFD8C6-4711-4EE7-A564-1D55F0975083}" = protocol=6 | dir=in | app=d:\lol-eu\game\league of legends.exe | 
"{646CB822-078F-4539-B9B4-92636A5D43C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{657CF6D9-79C8-4604-A905-783633FDD309}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6597654E-4A77-4921-BC0C-29F54E7A35A7}" = protocol=6 | dir=out | app=system | 
"{65D6FF2A-A3BD-4C00-9DF1-E599BF614EC8}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{66E01189-4757-482C-830A-F0CF7209D7E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68FAABDD-157A-41AD-A41E-A32974F92BA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DE8E393-2AA6-41C6-BED4-ABEFCF7197C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EFFB576-161D-420E-B693-08FCA0FD5793}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F3B4309-1AAF-42BB-9C3D-E1FF4C8305B0}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{729E5AF6-F422-4C42-A702-BB8BE0194E17}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{76030E88-56DA-40D1-864D-BCD41551239F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78B05F95-9CC9-4A49-8D90-FC78608C6F50}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78DBA1F6-5C5D-42C0-A7ED-FBB30009597A}" = protocol=17 | dir=in | app=d:\lol-eu\air\lolclient.exe | 
"{7A53A79C-3A22-4856-9036-B1B4A3B98146}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\bradminv3.exe | 
"{7EB6F6C1-E7BF-4267-A4BE-410059889497}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7FA6F244-3AFE-4011-93EB-03EC8E1384D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80FBC400-BFE2-4C8F-8CDB-15C61888BE73}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{84BAF3A5-84D0-43B7-8628-9C749EA590E1}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\auditorserver.exe | 
"{892474DA-1E30-4548-A5DE-EA7CD9DDCEEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E333859-06BD-4D0A-BF4E-666068B5EADA}" = protocol=17 | dir=in | app=d:\lol-us\game\league of legends.exe | 
"{8EC80497-DA66-4CDA-A7AD-D1C54EC09CA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F4A583A-F0D9-499C-A78D-32148720119D}" = protocol=17 | dir=in | app=d:\lol-eu\game\league of legends.exe | 
"{9010E751-6B2F-4366-83D9-DBAC81555A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{930F8E70-A977-4C5E-9FB7-5D9C8BF2E857}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{93D2B381-3DEB-4361-968B-99FFA551823A}" = protocol=6 | dir=in | app=d:\lol-eu\air\lolclient.exe | 
"{9601D7E2-5E9A-4A77-8138-F52D61340783}" = protocol=17 | dir=in | app=c:\program files\tuneup utilities 2012\integrator.exe | 
"{974FA11C-D2A0-47EE-BC9B-98C07FEF73AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A4E2F11-84CA-41B0-8415-0D47A8E5EF33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9A7F3C1C-87AC-44C5-8006-B8390AD3C6D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9AC30792-C3B2-4A33-932B-194958610DAB}" = protocol=17 | dir=in | app=d:\lol-us\air\lolclient.exe | 
"{9AC3FC08-3DF6-4B0E-A70B-BB82AFAF234B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E664A6F-503F-49C2-8F72-2353733045B0}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{9EBAE886-0468-4131-A7F9-83A0CCAC8E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FE14F1E-6D3F-4C33-9828-A3C0BA094E37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0B06A81-3B9D-47F8-AE14-A36231E7E83E}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{A170E440-F0EC-4BF1-9F89-EC32EDEE6ACD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A430947A-7886-4772-A49F-CA61CA5CC29B}" = protocol=17 | dir=in | app=d:\lol\game\league of legends.exe | 
"{A47F4D48-A604-46AA-A681-B5A08EE0AEBF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A7FEA357-6641-403E-8339-2E7F19FD4B34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8832711-0425-42D9-92DD-AE27586B749C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A971889A-6648-43D6-A9D1-60A5139D68B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9F89CAB-18CD-44BA-AF48-A99FABD4E88E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB4CA4CE-07E5-4094-875F-3ABBD34772AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABC19917-A955-43CD-8B7B-DDC43E7A4EFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF39B89A-5421-4297-8B38-34CF0A62052D}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{B0F33EDA-4EE8-4C57-9DCD-D112FC1A0FB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B17A9D18-E369-40FA-9DE9-6F29983527D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1F7C896-BCB7-4790-A8A4-2C075FC3B45D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B67EA9C8-E87A-4F3D-8E80-61E3947B3B6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B74B4467-B7C0-492B-A08C-3943C621BC0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB7E9ECF-3700-4A0D-99B3-BB26F5BBE84A}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{BD68AD4C-5A47-4B24-9287-2B00D49DACFD}" = protocol=6 | dir=in | app=c:\program files\tuneup utilities 2012\oneclick.exe | 
"{BE22156B-7D81-42BD-BD42-8694F60FA2DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE566A25-123E-4CF4-A087-467E03B02872}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{BE957501-C06B-42DC-AB89-D5CDAEBF3CF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEB288F9-FD8D-4A9B-A472-154818CE3E4A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF2326E5-A5DE-4034-AC11-1CB9258673C4}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{BFCC45AB-19E5-4DB3-8944-16468300514B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BFDEF212-2089-4A52-A4B3-DDCD0F3F6479}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1317F13-2357-4C2F-829B-8E959AD9F82D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1669B50-9D15-47FF-A758-56F397786BBC}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{C2632088-90CA-4FCB-81E6-6BC6FF058657}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2D4C4B4-6505-4268-BE9C-850E6D079830}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C581A91C-B1BF-4EF7-8F06-E7727592E662}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\auditorserver.exe | 
"{C7B73CBF-1C99-4EC4-BB5E-F54D5DA365CC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C8F9C915-1E22-44CA-88B2-325BC24CF23C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD4BCDEC-CCEA-4335-A4C6-389EFD6AAE8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE64E2BC-F0D5-4870-AF5F-9A1731AEE6D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEB7BB47-B602-4C41-9F69-F44B4C037130}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D1FBEB79-E947-4420-A286-128A11071834}" = protocol=6 | dir=in | app=d:\lol-us\lol.launcher.exe | 
"{D2CEF4E2-77DC-4EAC-82E1-55014C9A6F61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5D4FC55-10B5-4333-8D51-A44D145E80B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7E9FED5-3409-4809-BC71-5704D73D2EFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D918DE9E-B6B2-48E6-890C-62F33F09FFDC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D9EF1E8F-CF16-4030-8A77-4E3CFE03D511}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBC3A6D7-0DB4-4B95-A55A-3E45F60E9C07}" = protocol=17 | dir=in | app=d:\lol-eu\game\league of legends.exe | 
"{DBF79EB1-B7EB-4244-AE1F-51B4B09D2FDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC21EEDA-0AEF-45F7-BCEB-D9391A7D14F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCC98600-2050-42AF-A1F1-232E5EB5B66F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCDE1DC1-26D2-4ECC-A569-5CB34BB787FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE45514A-F7E1-4D81-9DD3-5D01B2D45379}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE456D3A-33F2-4DE7-A778-D4E1C85283BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E20C6099-6F33-4996-839B-9703347BA4C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E309FDA8-9B96-4B6F-B3C5-1BB89EA42299}" = protocol=17 | dir=in | app=d:\lol\air\lolclient.exe | 
"{E3CF5F83-86D3-4D30-8CFD-DE8337719292}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E4A42EF5-8BE7-4451-8089-E871DBBC8E4F}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{E5CB9467-F33F-4FF8-8B0A-C1A84D3F6BC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6501770-1316-4D22-BC50-A9775EA17C22}" = protocol=6 | dir=in | app=c:\program files\tuneup utilities 2012\integrator.exe | 
"{E6BAF120-876C-4D7E-A91D-36D1CE717A05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E86D3E2C-9CAD-4101-A98F-C2EDFAF43418}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\discover.exe | 
"{E9B72961-5F8B-41E5-B327-0AC244D25B68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAAE290D-E207-4C9E-872F-7FBC2D8CF1BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED9E2D27-EC18-4112-BD6A-C8A0088EA0A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFFAD7D7-4A27-40FB-A82E-7C72BAB43E1C}" = protocol=6 | dir=in | app=d:\lol-us\game\league of legends.exe | 
"{F00F138B-67FC-421E-98B9-C9F8E9458856}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\discover.exe | 
"{F1AB0C67-2AEC-43C7-AEDE-146AE200F366}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1B6BB82-2083-4E44-9D44-B323406F74A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1F73300-6571-40B0-9CE5-B96FB8637B9C}" = protocol=17 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{F35E8D9D-2134-4050-A2DE-582FDD27B5B1}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\icq.exe | 
"{F3CED88D-DE58-4036-8FBC-04A2DFA0B9F9}" = protocol=6 | dir=in | app=d:\dateien\icq\icq7.2\aolload.exe | 
"{F3DA2F2D-34FE-44BE-80E8-0B23FAB09574}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{F574AD00-6ED3-414C-AF41-AFAEF793717C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6567ECC-B171-46E3-8821-7058535390EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6C3E1C3-68D0-4071-AD16-A2CB5BAFD241}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F77CC6F2-40E6-44F4-B048-B197F79CE4DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB7BBF7F-A8AC-432A-9500-E361760C0600}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCC0A1CA-346E-4E97-A770-02D374F647E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{07CE6B65-908E-4450-BD13-ACEE73871E44}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"TCP Query User{1C29DF89-3302-47E6-B026-85AE2E63BD92}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{2C98CAAB-CC9B-4C42-8475-DA6EC64922F5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5A35EE05-95A5-4D1F-B4B9-F8ED799043B6}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | 
"TCP Query User{B934188A-32D3-4C9D-80F9-A4B9BB985166}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{BCF599FA-903D-4D65-B3B1-E597743FC210}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | 
"TCP Query User{E7076204-9E6C-449E-8710-E7FEC1B8EBD8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{16428BE3-CE5C-4B87-BADE-DFD81987E563}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{19C7D443-3D73-47B6-96A0-79F10684EC32}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | 
"UDP Query User{322ED091-E86B-4949-BD2C-4BE0742FA825}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4C4BC05A-31A5-407A-9D36-558B0D77C816}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{5EB83965-4713-4CFF-BF69-A9EA4B5AA99F}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe | 
"UDP Query User{5F4F44AA-ABC9-491F-A8BF-8D4D3C2243A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A551F1C4-8D5F-496C-93D3-938F4BFF71FD}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{02C6615A-A8FF-4175-8B25-9DADCE1D02B7}_is1" = Secure Banking Version 1.4.6
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{136E842A-87AC-4CFA-99A0-4D5BF9114566}" = Iminent
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{36597DA3-171C-4DEF-985D-41D19D9D5F69}" = My Movies for Windows Media Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64F974D4-135B-4BB9-9791-CD94AEBDAE5C}" = WGW Deutsch 1
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B56E0F8-762D-46F8-846D-D9609116997E}" = WGW Deutsch 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7ED4E9AB-9B5D-5380-9AB7-2865CA1DA0DB}" = AMD Fuel
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B682C1D-A3D4-47AF-A594-C5DCCEAB7AB1}" = map&guide professional 2009
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93FFBCB3-9DC8-4807-8E2B-D36E9C18A289}" = WGW Deutsch 4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99E3A19C-72AF-4778-B617-E3E96F9CAD27}" = Lexware Elster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10D4952-97EA-401D-AF22-930BA7BE2A9B}" = T.sonic Utility
"{B1D46FFA-BCA1-4810-A8C1-D091E65D544B}" = League of Legends
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E024F0D3-63D6-4C2A-BB94-7667FB125822}" = WGW Deutsch 2
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{EFD2B53A-0520-4616-8522-ADB48FE2D49D}" = map&guide Kartendaten PTV Europe City Map Premium 3a-2008t - NQ (D:\M&G\maps\EuropePremium.geo)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA9FEEDB-E4A3-4747-8AFB-A060CF8EF28D}" = Playway 1
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.9
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.0.2
"AVMFBox" = FRITZ!Box
"BullGuard" = BullGuard 9.0
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"DivX Setup" = DivX-Setup
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FinalMediaPlayer_is1" = Final Media Player 2011
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.01" = Freecorder 4.01 Application
"Freecorder5.07" = Freecorder 5
"ICQToolbar" = ICQ Toolbar
"IMBoosterARP" = Iminent
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LetsTrade" = LetsTrade Komponenten
"Lillebi" = Lillebi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MARKEMENT_BOOSTER_PRO_is1" = PCSUITE BOOSTER
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSUITE_SHREDDER_PRO_is1" = PCSUITE SHREDDER
"QuickTime" = QuickTime
"ST6UNST #1" = Eumex 604PC Bildschirmschoner
"TC Login" = TC Login
"WinPhone" = WinPhone
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 03:26:12 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2012 05:35:18 | Computer Name = Meik-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1928  Anfangszeit: 01cd028e6aabad0c  Zeitpunkt
 der Beendigung: 26
 
Error - 17.03.2012 07:54:31 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2012 03:50:59 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2012 14:25:03 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.03.2012 11:37:04 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2012 05:01:37 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 09:55:54 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 02:06:26 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2012 07:10:27 | Computer Name = Meik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.08.2012 03:22:56 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.08.2012 10:30:23 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.08.2012 10:14:12 | Computer Name = Meik-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 21.08.2012 10:14:12 | Computer Name = Meik-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Brother PC-FAX v.2 nicht unter
 dem Namen Brother PC-FAX v.2 freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 21.08.2012 10:14:12 | Computer Name = Meik-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Brother MFC-490CW Printer nicht
 unter dem Namen Brother MFC-490CW Printer freigeben. Fehler: 2114. Der Drucker 
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 21.08.2012 10:15:45 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.08.2012 10:42:28 | Computer Name = Meik-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 22.08.2012 13:11:02 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2012 11:25:15 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.08.2012 03:33:10 | Computer Name = Meik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---

OTL ging nun doch.

Alt 29.08.2012, 04:21   #5
t'john
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found 
SRV - (BRA_Scheduler) -- D:\Brother\bratimer.exe File not found 
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (dtwmnic5) -- system32\DRIVERS\dtwmnic5.sys File not found 
DRV - (aa07fov6) -- File not found 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: - No CLSID value found 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes,DefaultScope = {D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0} 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{321DB656-B6E6-4161-8B18-6904A058FF6E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{3246700F-57CB-470B-A231-BCBBA6D5270D}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{5C3EE550-D9D3-4123-A80D-84AE1D42027A}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4D570500-FDAC-4AFC-B702-F1D9BAE07717}&mid=5c0357e61bc247d19307bdb90f984ec4-b298b7ef7a5a5d31f3f958b31a803c0e017f7381&lang=de&ds=tt014&pr=sa&d=2011-12-13 20:24:18&v=8.0.0.34&sap=dsp&q={searchTerms} 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\SearchScopes\{D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM 
IE - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Yahoo" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={2E2CBE43-BE95-4C72-83D8-1E30B8FCFD3E}&mid=5c0357e61bc247d19307bdb90f984ec4-b298b7ef7a5a5d31f3f958b31a803c0e017f7381&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp" 
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p=" 
FF - prefs.js..network.proxy.type: 0 
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [Irerevn] C:\Users\Meik\AppData\Roaming\Otyl\yqrex.exe File not found 
O4 - HKU\S-1-5-21-3301633554-2920399333-3288498344-1000..\Run: [Izezdy] C:\Users\Meik\AppData\Roaming\Cipi\ybvim.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.08.01 09:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla 
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.08.19 12:00:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\xipbbkhvxxwzdkb 

[2012.08.08 20:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater 
[2012.08.08 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot 
[2012.08.08 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar 

[2010.09.03 23:10:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat 
:Files

C:\Users\Meik\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Meik\AppData\Local\Temp\*.exe
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 17:36   #6
meik78
 
Banking Trojaner - Standard

Banking Trojaner


Vielen Dank erstmal.
Das ist das OTL log nach dem Neustart.
Muss ich die Datei noch entfernen?
Finde den Ordner nicht mehr...

All processes killed
========== OTL ==========
Service de_serv stopped successfully!
Service de_serv deleted successfully!
File C:\Program Files\Common Files\AVM\de_serv.exe File not found not found.
Service BRA_Scheduler stopped successfully!
Service BRA_Scheduler deleted successfully!
File D:\Brother\bratimer.exe File not found not found.
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service dtwmnic5 stopped successfully!
Service dtwmnic5 deleted successfully!
File system32\DRIVERS\dtwmnic5.sys File not found not found.
Error: No service named aa07fov6 was found to stop!
Service\Driver key aa07fov6 not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Programme\Freecorder\prxtbFre0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{321DB656-B6E6-4161-8B18-6904A058FF6E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321DB656-B6E6-4161-8B18-6904A058FF6E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3246700F-57CB-470B-A231-BCBBA6D5270D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3246700F-57CB-470B-A231-BCBBA6D5270D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5C3EE550-D9D3-4123-A80D-84AE1D42027A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C3EE550-D9D3-4123-A80D-84AE1D42027A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D04E8F71-4D0E-4e07-8927-94EA3B1B2CA0}\ not found.
HKU\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://isearch.avg.com/?cid={2E2CBE43-BE95-4C72-83D8-1E30B8FCFD3E}&mid=5c0357e61bc247d19307bdb90f984ec4-b298b7ef7a5a5d31f3f958b31a803c0e017f7381&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp" removed from browser.startup.homepage
Prefs.js: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Irerevn deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3301633554-2920399333-3288498344-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Izezdy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\Mozilla\logs folder moved successfully.
C:\ProgramData\Mozilla folder moved successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\ProgramData\xipbbkhvxxwzdkb moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\6.2 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Windows\System32\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Meik\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Meik\AppData\Local\Temp\*.exe not found.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Meik\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Meik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Meik\Desktop\cmd.bat deleted successfully.
C:\Users\Meik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Meik
->Temp folder emptied: 63731553 bytes
->Temporary Internet Files folder emptied: 158183158 bytes
->FireFox cache emptied: 70468447 bytes
->Flash cache emptied: 2349 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119056209 bytes
RecycleBin emptied: 2229300713 bytes

Total Files Cleaned = 2.518,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08292012_173313

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 29.08.2012, 18:00   #7
t'john
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 20:37   #8
meik78
 
Banking Trojaner - Standard

Banking Trojaner


Läuft gut, bin mir nur nicht sicher ob der Trojaner jetzt weg ist

Malewarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meik :: HNPC4 [Administrator]

29.08.2012 19:22:27
mbam-log-2012-08-29 (19-22-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 691018
Laufzeit: 1 Stunde(n), 57 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


AdwCleaner log:

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 21:27:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# User : Meik - HNPC4
# Boot Mode : Normal
# Running from : C:\Users\Meik\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Meik\AppData\Local\Conduit
Folder Found : C:\Users\Meik\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Meik\AppData\LocalLow\Conduit
Folder Found : C:\Users\Meik\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Meik\AppData\LocalLow\Freecorder
Folder Found : C:\Users\Meik\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Meik\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Meik\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Meik\AppData\Roaming\Complitly
Folder Found : C:\Users\Meik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\Users\Meik\AppData\Roaming\Mozilla\Firefox\Profiles\988eiaou.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Found : C:\ProgramData\Iminent
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Found : C:\Program Files\Complitly
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Freecorder
Folder Found : C:\Program Files\Iminent
Folder Found : C:\Windows\Freecorder

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Applian Technologies\OpenCandy
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Freecorder
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6820DCA0-80B9-488D-B92A-756C15325C95}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48DE97D4-970A-4C36-A237-53C3E4DAB536}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Meik\AppData\Roaming\Mozilla\Firefox\Profiles\988eiaou.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8400 octets] - [29/08/2012 21:27:05]

########## EOF - C:\AdwCleaner[R1].txt - [8528 octets] ##########

Alt 29.08.2012, 22:06   #9
t'john
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.10.2012, 14:54   #10
t'john
/// Helfer-Team
 
Banking Trojaner - Standard

Banking Trojaner


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Banking Trojaner
banking, banking trojaner, dateien, gefunde, hallo zusammen, löschen, melde, meldet, ordner, programm, registry, sparkasse, troja, trojane, trojaner, trojaner mitb, zusammen


« ZeroAccess Trojaner in der Desktop.ini gefunden | Verschlüsselungs - oder BKA Trojaner »


Ähnliche Themen: Banking Trojaner


  1. Secure Banking - Online Banking auf der sicheren Seite!
    Archiv - 29.08.2016 (471)
  2. Banking Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.06.2015 (19)
  3. Trojaner paket@dhl.de <m38609508-1> / vermutlich Banking-Trojaner
    Log-Analyse und Auswertung - 17.03.2015 (13)
  4. Trojaner im Online banking
    Lob, Kritik und Wünsche - 02.12.2014 (0)
  5. Online-Banking-Trojaner!
    Log-Analyse und Auswertung - 22.06.2013 (17)
  6. Online-Banking: Trojaner
    Log-Analyse und Auswertung - 02.05.2013 (1)
  7. Online-Banking-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (14)
  8. Trojaner im Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 17.12.2012 (21)
  9. Müll aus Secure Banking - Online Banking auf der sicheren Seite!
    Mülltonne - 04.10.2012 (0)
  10. Banking Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (21)
  11. Online-Banking Trojaner ?
    Log-Analyse und Auswertung - 02.03.2012 (20)
  12. Online-Banking Trojaner
    Log-Analyse und Auswertung - 23.12.2011 (3)
  13. TAN / Online-Banking Trojaner!
    Log-Analyse und Auswertung - 29.11.2011 (35)
  14. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  15. Fieser E-Banking-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (10)
  16. 40 Tan-Trojaner bei DKB Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 23.09.2010 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Banking Trojaner - Hallo zusammen, lt. meiner Sparkasse habe ich einen Trojaner mitb_3. Das Programm SecureBanking meldet sich öffter, dass was gefunden wurde. Aber wie werde ich das los? Habe in der registry - Banking Trojaner...
Archiv
Du betrachtest: Banking Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131