Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.01.2011, 16:04   #1
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



Hallo,
hatte diese Woche Post von meiner Bank bekommen. Meine Bankdaten sind wohl auf einer Phishing Seite aufgetaucht. Da ich nirgends irgendwo Daten eingegeben habe ( PIN oder TANs) lag der Verdacht auf Trojaner o.ä. nahe und ich habe massiv die letzten Tage mein System scannen und putzen lassen.
Es wurde 2 SHeur Trojaner gefunden, und auch ein Verzeichnis portwexexe.
AVG SurfShield hat diese Woche auch ein paarmal Inhalte blockiert

Meine "Putzprogramme": AVG Vollversion, SpyBot, Malwarebytes

Alle scans von gestern und heute sind sauber.
Nach Aktivierung von Malwarebytes als Vollversion bekomme ich nun aber ständig folgende Warnung : Zugang zu einer potenziell gefährlichen Webseite erfolgreich blockiert. Art: ausgehen

Hier die Log Datei:
Zitat:
13:04:58 Alex MESSAGE Database updated successfully
13:04:59 Alex MESSAGE IP Protection started successfully
13:23:35 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
13:23:38 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
13:23:44 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
13:30:34 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:37 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:43 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:47 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:50 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:55 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:30:56 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:58 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:30:59 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:31:01 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:31:05 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:31:07 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:31:19 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:31:22 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:31:28 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:32:40 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:32:43 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:32:49 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:38:38 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:38:41 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:38:47 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
13:38:59 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:39:02 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:39:08 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
13:44:07 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
13:44:09 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
13:44:15 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:04:42 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:04:45 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:04:51 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:06:48 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:06:51 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:06:57 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:07:09 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:07:12 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:07:18 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:25:17 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:25:20 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:25:26 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:29:21 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:29:24 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:29:30 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
14:29:42 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:29:45 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:29:51 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:35:36 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:35:39 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:35:45 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
14:45:50 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:45:53 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
14:45:59 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:06:22 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:06:25 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:06:31 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:12:04 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:12:06 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:12:12 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:12:25 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:12:28 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:12:34 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:15:11 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:15:14 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:15:20 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:17:28 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:17:31 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:17:37 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:17:50 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:17:53 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:17:59 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:18:17 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:18:20 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:18:26 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:18:53 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:18:56 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:19:02 Alex IP-BLOCK 193.186.9.45 (Type: outgoing)
15:19:14 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:19:17 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:19:23 Alex IP-BLOCK 193.186.9.56 (Type: outgoing)
15:26:55 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:26:58 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:27:04 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:47:27 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:47:30 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
15:47:36 Alex IP-BLOCK 193.186.9.87 (Type: outgoing)
Hier die Malwarebyte Scan Log Datei:
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5633

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.01.2011 13:01:52
mbam-log-2011-01-29 (13-01-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.01.2011 15:08:02 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 80,50 Gb Free Space | 34,57% Space Free | Partition Type: NTFS
 
Computer Name: WOHNZIMMER | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Alex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WiselinkPro) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ASTSRV) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (RushTopDevice2) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys (Your Corporation)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (DualCoreCenter) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (DCamUSBTP10) -- C:\WINDOWS\system32\drivers\iP293x.SYS (iPassion Technology Inc.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.11.24 15:25:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.10.26 09:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.12 15:16:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:32:19 | 000,000,000 | ---D | M]
 
[2010.01.04 12:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Extensions
[2011.01.29 13:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions
[2011.01.04 19:33:55 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.22 20:45:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.30 09:39:15 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.24 14:21:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.13 17:42:53 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\2020Player@2020Technologies.com
[2010.09.23 17:38:46 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\DeviceDetection@logitech.com
[2010.09.17 20:15:07 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\personas@christopher.beard
[2011.01.29 13:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.29 13:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.24 15:25:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010.01.05 10:15:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.23 22:55:31 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.23 22:55:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.23 22:55:31 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.23 22:55:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.23 22:55:31 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.29 15:07:16 | 000,429,203 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 14778 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 11
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262559069890 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 23:38:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.29 14:54:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2011.01.29 14:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Firewall_logs
[2011.01.29 13:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.29 13:32:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.01.29 13:32:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.01.29 13:32:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.01.29 13:32:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.01.27 15:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Malwarebytes
[2011.01.27 15:44:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.27 15:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.01.27 15:44:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.27 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.18 21:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\FriendsGamesNetwork
[2011.01.18 21:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bird's Town
[2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Saved Games
[2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Green Clover Games
[2011.01.17 12:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Start Menu\Programs\Project Rescue Africa
[2011.01.17 12:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Project Rescue Africa
[2011.01.17 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Project Rescue Africa
[2011.01.17 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\vlc
[2011.01.17 09:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011.01.11 18:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2011.01.11 18:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bulk Rename Utility
[2011.01.11 11:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\iMaxGen
[2011.01.11 11:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Start Menu\Programs\Hexus
[2011.01.11 11:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hexus
[2011.01.11 11:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hexus
[2011.01.09 14:51:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Alex\My Documents\Eigene Datenquellen
[2010.12.31 15:17:13 | 000,147,456 | R--- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MUINST_U.EXE
[2010.12.31 15:16:30 | 001,282,048 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_U.DLL
[2010.12.31 15:16:30 | 000,204,800 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MPSMC__U.EXE
[2010.12.31 15:16:30 | 000,176,128 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_U.EXE
[2010.12.31 15:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONICA MINOLTA
[2010.12.31 15:16:16 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2010.12.31 15:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONICA MINOLTA
[2010.01.05 13:22:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alex\Application Data\pcouffin.sys
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.29 15:07:16 | 000,429,203 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.29 14:54:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2011.01.29 14:52:37 | 000,472,098 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Load.exe
[2011.01.29 14:31:50 | 070,562,341 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011.01.29 10:33:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.29 10:32:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.29 00:33:31 | 000,005,759 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.01.28 18:55:59 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.28 16:07:03 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\On-Screen Keyboard.lnk
[2011.01.28 16:06:46 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\On-Screen Keyboard.lnk
[2011.01.28 09:56:44 | 000,004,296 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Kleinunternehmerrechnung.zip
[2011.01.25 16:10:06 | 000,235,237 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus_warnung.jpg
[2011.01.25 15:16:15 | 000,783,808 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus.png
[2011.01.24 20:34:20 | 000,428,822 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110127-143956.backup
[2011.01.23 18:05:57 | 000,061,048 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\IGV_23.01.11.docx
[2011.01.19 11:34:00 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\index_die_verändert_wurde.php
[2011.01.18 21:28:00 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Bird'sTown.lnk
[2011.01.17 12:10:35 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Project Rescue Africa.lnk
[2011.01.16 12:09:44 | 000,150,236 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\psp.jpg
[2011.01.16 12:08:46 | 000,258,262 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\ski.jpg
[2011.01.16 12:07:25 | 000,149,856 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\skistiefel.jpg
[2011.01.11 11:57:14 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Hexus.lnk
[2011.01.07 12:12:38 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.01.07 12:11:12 | 000,428,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110124-203420.backup
[2011.01.06 14:19:57 | 026,993,231 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\Photoshop Elements 9 for Dummies.pdf
[2011.01.01 14:23:11 | 000,061,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\shop-entrance1.jpg
[2010.12.31 15:19:40 | 000,001,617 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010.12.31 15:16:18 | 001,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.29 14:52:36 | 000,472,098 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Load.exe
[2011.01.28 16:07:03 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\On-Screen Keyboard.lnk
[2011.01.28 16:06:46 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\On-Screen Keyboard.lnk
[2011.01.28 09:56:43 | 000,004,296 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Kleinunternehmerrechnung.zip
[2011.01.25 16:10:06 | 000,235,237 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus_warnung.jpg
[2011.01.25 15:16:14 | 000,783,808 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus.png
[2011.01.23 17:35:42 | 000,061,048 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\IGV_23.01.11.docx
[2011.01.19 11:34:00 | 000,002,324 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\index_die_verändert_wurde.php
[2011.01.18 21:28:00 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Bird'sTown.lnk
[2011.01.18 21:19:48 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011.01.17 12:10:35 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Project Rescue Africa.lnk
[2011.01.16 12:09:44 | 000,150,236 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\psp.jpg
[2011.01.16 12:08:46 | 000,258,262 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\ski.jpg
[2011.01.16 12:07:25 | 000,149,856 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\skistiefel.jpg
[2011.01.11 11:57:14 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Hexus.lnk
[2011.01.06 21:31:21 | 026,993,231 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\Photoshop Elements 9 for Dummies.pdf
[2011.01.01 14:51:35 | 000,004,039 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\slide.3ss
[2011.01.01 14:36:28 | 000,189,198 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\slide.swf
[2011.01.01 14:18:03 | 000,061,473 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\shop-entrance1.jpg
[2010.12.31 15:17:22 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\crnxmon.dll
[2010.12.31 15:17:22 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\crnxutil.dll
[2010.12.31 15:17:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\mqisnmp.dll
[2010.12.31 15:17:13 | 000,002,977 | R--- | C] () -- C:\WINDOWS\System32\MUNZ___U.UNM
[2010.12.31 15:16:30 | 000,039,596 | ---- | C] () -- C:\WINDOWS\MSTMON_U.INI
[2010.12.31 15:16:18 | 000,001,617 | ---- | C] () -- C:\WINDOWS\vpd.properties
[2010.12.31 15:16:16 | 000,001,524 | ---- | C] () -- C:\WINDOWS\System32\cbklib.tlb
[2010.12.27 23:57:21 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.11.20 14:54:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Milli.ini
[2010.11.11 18:47:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2010.10.24 13:51:17 | 000,005,759 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.10.21 12:25:11 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2010.08.17 07:32:50 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\vso_ts_preview.xml
[2010.08.12 11:10:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010.05.11 22:38:06 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010.04.08 18:36:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.02.20 14:05:06 | 000,019,619 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI
[2010.02.12 09:27:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.02.07 17:24:46 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010.02.07 16:03:17 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.02.07 16:03:17 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.01.29 12:13:03 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\setup_ldm.iss
[2010.01.20 21:13:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010.01.20 21:13:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010.01.20 15:16:33 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2010.01.20 15:16:33 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2010.01.20 15:16:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2010.01.05 13:22:28 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.log
[2010.01.05 13:22:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\inst.exe
[2010.01.05 13:22:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.cat
[2010.01.05 13:22:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.inf
[2010.01.04 17:57:55 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.04 17:02:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.04 01:54:16 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2010.01.04 00:29:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.12.15 14:55:30 | 005,423,104 | ---- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll
[2007.12.15 14:55:30 | 002,510,848 | --S- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll_original
[2007.04.17 15:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004.10.13 04:55:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_U.DLL
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
 
< End of report >
         
--- --- ---

[/QUOTE]

Extras OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.01.2011 15:08:02 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 80,50 Gb Free Space | 34,57% Space Free | Partition Type: NTFS
 
Computer Name: WOHNZIMMER | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56656:TCP" = 56656:TCP:*:Enabled:Pando Media Booster
"56656:UDP" = 56656:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56656:TCP" = 56656:TCP:*:Disabled:Pando Media Booster
"56656:UDP" = 56656:UDP:*:Disabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- ()
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- ()
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Disabled:AddonWeb -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe" = C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:Die Siedler 7 -- (Blue Byte GmbH)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\MPSMC__U.EXE" = C:\WINDOWS\system32\MPSMC__U.EXE:*:Enabled:Printer Status Monitor Center -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"D:\install\german\MQInpw.exe" = D:\install\german\MQInpw.exe:*:Disabled:MQInpw
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0C51A75A-537D-4E2F-8683-B3BD7DF32379}_is1" = Terrafarmers version 1.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{477B5D48-14D4-4EFE-921E-AB95D0E2D57B}" = Sprachtrainer Découvertes Cadet 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5C08784B-D955-4BB4-8C70-43C89A738F58}" = Motorola Phone Tools
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
"{78B9C3A6-A234-40D0-858E-1FD0DACA99CC}" = Découvertes 1 Sprachtrainer
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}" = Crown Print Monitor+
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ACC901CB-12A9-4252-8535-4020803CD819}" = Sprachtrainer Découvertes 2
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13A8E73-7E98-4295-BA94-6931701CD1F9}" = Topaz Vivacity
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4
"{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter und die Heiligtümer des Todes™ - Teil 1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8701D50-3453-4292-887A-A5387DDB969F}" = Greeting Card Builder
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6983398e91e00aa801030d9612c168ab" = KONICA MINOLTA magicolor 2430DL Druckertreiber-Software
"8461-7759-5462-8226" = Vuze
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"AAA Logo 3.10 Business_is1" = AAA Logo Business Edition 3.10
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Aleo 3D Flash Slideshow Creator_is1" = Aleo 3D Flash Slideshow Creator 1.6
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AMS Photo Effects_is1" = AMS Photo Effects 2.61
"Apassionata/EN/ES-English_is1" = Apassionata
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Babylon" = Babylon
"Ballville - The Beginning3.424" = Ballville - The Beginning
"Bird's Town1.0.0.1" = Bird's Town
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Dinosaur Battles(TM)" = Dinosaur Battles(TM)
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DualCoreCenter_is1" = DualCoreCenter
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eye Candy 6" = Alien Skin Eye Candy 6
"Farm Craft 2 - Global Vegetable Crisis1.2.0.14440" = Farm Craft 2 - Global Vegetable Crisis
"Farm Tribe1.0" = Farm Tribe
"FG_1.4" = Jumpstart First Grade v1.4
"FormatFactory" = FormatFactory 2.20
"Halo" = Microsoft Halo
"Hexus1.0" = Hexus
"HijackThis" = HijackThis 2.0.2
"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2:*Die neuen Abenteuer
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Kings Bounty Armored Princess_is1" = King's Bounty: Crossworlds
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Milli-Metha's Abenteuer im Bauch des Riesen" = Milli-Metha's Abenteuer im Bauch des Riesen
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"Operation Mania" = Operation Mania (remove only)
"Paradise Beach1.0" = Paradise Beach
"Power Retouche Retouching Suite" = Power Retouche Retouching Suite
"Project Rescue Africa1.0" = Project Rescue Africa
"PSPad editor_is1" = PSPad editor
"SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper
"SolveigMM AVI Trimmer 1.6.801.18" = SolveigMM AVI Trimmer
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"SuperMailer" = SuperMailer 5.10
"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build 3.5.17.252)
"TeamViewer 6" = TeamViewer 6
"TIPP10_is1" = TIPP10 Version 2.0.3
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0603
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"Yahtzee" = Yahtzee (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2010 16:33:18 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000
Description = Faulting application paradisebeach.exe, version 0.0.0.0, faulting 
module paradisebeach.exe, version 0.0.0.0, fault address 0x00047adc.
 
Error - 22.12.2010 17:08:15 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000
Description = Faulting application keygen.exe, version 0.0.0.0, faulting module 
ntdll.dll, version 5.1.2600.5755, fault address 0x0000120e.
 
Error - 22.12.2010 17:14:33 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000
Description = Faulting application kg.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x0000120e.
 
Error - 25.12.2010 11:32:38 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000
Description = Faulting application ballville - the beginning.exe, version 0.0.0.0,
faulting module ballville - the beginning.exe, version 0.0.0.0, fault address 0x00326660.
 
Error - 18.01.2011 08:33:49 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. 
 
Error - 18.01.2011 08:33:50 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. 
 
Error - 18.01.2011 08:33:51 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved 
 
Error - 18.01.2011 08:33:52 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. 
 
Error - 18.01.2011 08:33:54 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist. 
 
Error - 27.01.2011 06:22:30 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x077c5528.
 
[ System Events ]
Error - 29.01.2011 07:04:30 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:34 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:38 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:42 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:46 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:50 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:54 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:04:58 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:05:02 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 29.01.2011 07:05:07 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
 
< End of report >
         
--- --- ---

[/QUOTE]

Leider sagt mir Malwarebytes nicht welches Program oder Datei ständig rauswählen möchte.

Bin für jede Hilfe dankbar !

Alt 29.01.2011, 16:19   #2
markusg
/// Malware-holic
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



das sicherste wäre es, die daten zu sichern und dann neu aufzusetzen.
erst dann wird dein system wieder vertrauenswürdig und du kannst es fürs onlinebanking wieder nutzen.
man kann nicht 100 %ig sicher gehen das man das system sauber bekommt.
ich würde dir dann erklären wie das system richtig abzusichern währe.
__________________

__________________

Alt 29.01.2011, 18:03   #3
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



diesen Schritt wollte ich eigentlich vermeiden .

In erster Linie hat mich jetzt interessiert, ob man herausfinden kann, welches program bzw. welche Datei ständig versucht, sich mit dieser potenziel gefährlichen Webseite zu verbinden.
__________________

Alt 29.01.2011, 18:09   #4
markusg
/// Malware-holic
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



was muss noch passieren, deine bankdaten waren bereits bekannt, muss erst dein konto leer geräumt werden?
man kann das system nicht mit hundert prozentiger sicherheit bereinigen und daher ist das neu aufsetzen das beste.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.01.2011, 06:28   #5
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



so, habe formatiert und neu aufgesetzt.

welche zusätzlichen Schritte zur Systemabsicherung sind jetzt noch durchzuführen ?

Danke
Alex


Alt 04.02.2011, 07:23   #6
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



gibt es, ausser den herkömmlichen Schritten wie Viren Scanner, Firewall etc. noch andere Dinge, die ich durchführen kann, um mein System optimal abzusicher ??

Alt 04.02.2011, 11:36   #7
markusg
/// Malware-holic
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



sorry ich war ziemlich krank und konnte net online kommen.
http://www.trojaner-board.de/96344-a...-rechners.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2011, 10:33   #8
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



Hallo,
ich hoffe , es geht Dir jetzt wieder besser.

Folgende Schritte sind schon durchgeführt :

- Windows Update ist aktiviert , alle Microsoft Programme werden somit automatisch aktualisiert (Windows, Office, IE ..)

- Anti Virus Program benutze ich AVG ,mit integriertem Surfshield, auch automatisch immer aktualisiert

- Malwarebytes mit aktiviertem Schutzmodul, automatisch immer aktualisiert


Folgendes muss ich mir noch anschauen:

- Windows Dienste konfigurieren und abschalten
Leider wird der von Dir gepostete Link hxxp://ntsvcfg.de/#pfw von Malwarebytes als potenziell gefährliche Webseite eingestuft und blockiert (IP 188.40.69.151 )

Ich habe aber Tuneup Utilities und kann damit alle Startup Programme und Services verwalten.
Jetzt sollte ich halt wissen, welche Programme und Service/Dienste ich an bzw. abschalten muss. Bzw. wie die genau heissen.

- DEP , ich habe windows XP home.
Laut winfaq.de : Die Datenausführungs-Verhinderung kann auch bei Windows XP und Windows 2003 über die BOOT.INI gesteuert werden.

Und hier hört es bei mir schon auf . Ich verstehe nicht, was ich jetzt tun soll.

- Browser : ich benutze Firefox. Die Plugins Adblock plus und Web of Trust sind installiert.
Welche weiteren Schritte sind noch notwendig ?


Sandboxie, die Update Programme und Backup Programme muss ich mir in Ruhe noch ansehen.

Alt 05.02.2011, 11:12   #9
markusg
/// Malware-holic
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



^der link ist sauber, kannst du die meldung ignorieren?
ich hatte doch etwas zu tuneup geschrieben, solche programme können dir das system zerschießen und machen es nicht schneller, dass was man meint an geschwindigkeit zu bemerken kannst du beruhigt unter plazebo efekt verbuchen.
^- dep:
da steht man kann auch über die boot.ini, musst du aber nicht. da sollte auch nen teil mit systemsteuerung etc stehen wo du das einstellen kannst.
- firefox:
Web of Trust davon halte ich persönlich nicht viel, nur weil die seite zum zeitpunkt der bewertung sauber war ist sie es nicht unbedingt jetzt.
adblock+ um werbung zu blockieren:
Bekannte Filterlisten fr Adblock Plus
hier würde ich 2 oder 3 deutsche filter auswählen.
unter sonstiges die malware blocklist.

sandbox:
den direkten datei zugriff bitte auf firefox.exe und plugin-container.exe
beschrenken, hier kannst du auch noscript und andere plugins eintragen.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\sessionstore.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\adblockplus\patterns.ini
bei
Internetzugriff:
firefox.exe und
plugin-container.exe
eintragen
öffne dann sandboxie, dann oben im menü auf sandbox klickem, wähle deine sandbox aus und klicke dann auf sandboxeinstellung.
dort auf anwendung, webbrowser, firefox.
direkten zugriff auf lesezeichen erlauben auswählen und auf hinzufügen klicken, dann auf ok.
das sind die einstellungen für sandboxie (ff).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2011, 15:38   #10
Alexandra267
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



Hallo Markus,

vielen Dank für Deine Tipps.

Ich denke ich bin soweit fertig.

Sandboxie ist eine klasse methode, wusste bisher gar nicht, dass es sowas gibt.

Sollte es mich dennoch irgendwann wieder erwischen, dann schau ich hier wieder vorbei.

Vielen dank nochmal !!

Alt 06.02.2011, 15:45   #11
markusg
/// Malware-holic
 
Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Standard

Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen



kannst du unter start ausführen services.msc noch schauen, ob die windows firewall aktiev ist? falls nein, einschalten bitte.
freud mich, dass alles geklappt hatt.
du bist natürlich jederzeit willkommen, aber nicht vergessen, wenn du regelmäßige updates machst, kannst du dieses nutzen, um beim nächsten schädling das system innerhalb von 5-10 minuten in einen sauberen zustand zurückzusetzen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen
adblock, alternate, ausgehen, avg security toolbar, babylon, bho, bonjour, candy, error, excel, failed, firefox, flash player, hijack, hijackthis, hängen, index, installation, ip-block, launch, location, log datei, logfile, mbamservice.exe, microsoft office word, mozilla, msvcr80.dll, object, oldtimer, otl.exe, phishing, plug-in, realtek, registry, remote control, required, safer networking, saver, scan, searchplugins, security, server, shell32.dll, software, sptd.sys, start menu, system, system restore, trojaner, trojaner gefunden, virus, vlc media player, windows internet




Ähnliche Themen: Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen


  1. Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-(
    Plagegeister aller Art und deren Bekämpfung - 30.10.2015 (20)
  2. Geht's jetzt auf Skype auch schon los?
    Überwachung, Datenschutz und Spam - 22.09.2015 (4)
  3. Antivir ist nach 35 std scan erst zu 5% durchgelaufen und schon 30 warnungen
    Plagegeister aller Art und deren Bekämpfung - 06.09.2015 (31)
  4. Windows XP (2002 SP3): QVO6 und ständige Popups (Warnungen)
    Log-Analyse und Auswertung - 10.08.2013 (7)
  5. PC hängt sicht auf (Standbild) auch schon vor Windows Login
    Alles rund um Windows - 12.12.2012 (3)
  6. PC hängt sicht auf (Standbild) auch schon vor Windows Login
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (0)
  7. Microsofts Juni Patchday auch schon für Windows 8
    Nachrichten - 12.06.2012 (0)
  8. Nach LinkedIn auch eHarmony-Passwörter gestohlen
    Nachrichten - 07.06.2012 (0)
  9. Firefox öffnet plötzlich fremde Seiten (auch nach neuer WindowsInstallation) + ständige Bluescreens
    Log-Analyse und Auswertung - 12.06.2011 (4)
  10. Auch Probleme mit TR/Kazy.mekml.1 (schon alles befolgt....
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (16)
  11. Ständige Phishing-Warnungen von Kaspersky
    Plagegeister aller Art und deren Bekämpfung - 19.11.2008 (1)
  12. Spyworm.win32 und ständige Security Warnungen
    Log-Analyse und Auswertung - 17.10.2008 (5)
  13. Hilfe: habe auch ständige Popups mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 23.06.2008 (7)
  14. Habe irgendwelche Plagegeister und auch schon diverse gelöscht trotzdem bekomme ich
    Plagegeister aller Art und deren Bekämpfung - 21.03.2008 (3)
  15. Ständige Pop UPS, auch im Mozilla Browser. -> HijackThis Logfile
    Log-Analyse und Auswertung - 28.11.2007 (2)
  16. auch ständige Popups bei Internet-Explorer und Mozilla
    Log-Analyse und Auswertung - 23.06.2006 (3)
  17. Unerwünschte Werbefenster nicht nur im Browser, sondern auch schon im Windows
    Log-Analyse und Auswertung - 18.06.2006 (8)

Zum Thema Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen - Hallo, hatte diese Woche Post von meiner Bank bekommen. Meine Bankdaten sind wohl auf einer Phishing Seite aufgetaucht. Da ich nirgends irgendwo Daten eingegeben habe ( PIN oder TANs) lag - Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen...
Archiv
Du betrachtest: Ständige Malwarebyte Warnungen, Bankdaten auch schon gestohlen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.