Pests of all kinds and how to fight them: Constant Malwarebytes warnings, bank data already stolen (Windows 7)
29.01.2011, 16:04 | #1
Constant Malwarebytes warnings, bank data already stolen

Hello,

I got a letter from my bank this week. My bank details have apparently turned up on a phishing site. Since I have not entered any data (PIN or TANs) anywhere, a Trojan or something similar seemed the likely cause, and over the last few days I have had my system scanned and cleaned extensively. 2 SHeur Trojans were found, and also a directory portwexexe. AVG SurfShield also blocked content a few times this week.

My "cleaning programs": AVG full version, SpyBot, Malwarebytes

All scans from yesterday and today are clean. After activating Malwarebytes as the full version, however, I now constantly get the following warning:

Zugang zu einer potenziell gefährlichen Webseite erfolgreich blockiert. Art: ausgehen

Here is the log file:
Code:
ATTFilter OTL logfile created on: 29.01.2011 15:08:02 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alex\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 80,50 Gb Free Space | 34,57% Space Free | Partition Type: NTFS Computer Name: WOHNZIMMER | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Alex\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\system32\osk.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\msswchx.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Alex\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (WiselinkPro) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe () SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (ASTSRV) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. 
) DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola) DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc) DRV - (RushTopDevice2) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys (Your Corporation) DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola) DRV - (DualCoreCenter) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV - (DCamUSBTP10) -- C:\WINDOWS\system32\drivers\iP293x.SYS (iPassion Technology Inc.) DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc) DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.11.24 15:25:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.10.26 09:18:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components 
[2011.01.12 15:16:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:32:19 | 000,000,000 | ---D | M] [2010.01.04 12:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Extensions [2011.01.29 13:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions [2011.01.04 19:33:55 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.07.22 20:45:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.30 09:39:15 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.12.24 14:21:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.13 17:42:53 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\2020Player@2020Technologies.com [2010.09.23 17:38:46 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\DeviceDetection@logitech.com [2010.09.17 20:15:07 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\wxw6eg3k.default\extensions\personas@christopher.beard [2011.01.29 13:36:30 | 000,000,000 | ---D | M] (No name 
found) -- C:\Program Files\Mozilla Firefox\extensions [2011.01.29 13:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.24 15:25:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX [2010.01.05 10:15:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.23 22:55:31 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.23 22:55:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.23 22:55:31 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.23 22:55:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.23 22:55:31 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.29 15:07:16 | 000,429,203 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 
100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14778 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 11 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Translate this web page with Babylon - C:\Program 
Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262559069890 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - 
Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.03 23:38:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.29 14:54:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe [2011.01.29 14:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Firewall_logs [2011.01.29 13:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.01.29 13:32:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.01.29 13:32:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.01.29 13:32:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.01.29 13:32:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2011.01.27 15:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Malwarebytes [2011.01.27 15:44:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.01.27 15:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.01.27 15:44:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.01.27 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.01.18 21:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\FriendsGamesNetwork [2011.01.18 21:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bird's Town [2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Saved Games [2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games [2011.01.17 12:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Green Clover Games [2011.01.17 12:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Start Menu\Programs\Project Rescue Africa [2011.01.17 12:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Project Rescue Africa [2011.01.17 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Project Rescue Africa [2011.01.17 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\vlc [2011.01.17 09:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN [2011.01.11 18:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility [2011.01.11 18:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bulk Rename Utility [2011.01.11 11:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\iMaxGen [2011.01.11 11:57:14 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Alex\Start Menu\Programs\Hexus [2011.01.11 11:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hexus [2011.01.11 11:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hexus [2011.01.09 14:51:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Alex\My Documents\Eigene Datenquellen [2010.12.31 15:17:13 | 000,147,456 | R--- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MUINST_U.EXE [2010.12.31 15:16:30 | 001,282,048 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_U.DLL [2010.12.31 15:16:30 | 000,204,800 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MPSMC__U.EXE [2010.12.31 15:16:30 | 000,176,128 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_U.EXE [2010.12.31 15:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONICA MINOLTA [2010.12.31 15:16:16 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX [2010.12.31 15:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\KONICA MINOLTA [2010.01.05 13:22:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alex\Application Data\pcouffin.sys [2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.29 15:07:16 | 000,429,203 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.01.29 14:54:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe [2011.01.29 14:52:37 | 000,472,098 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Load.exe [2011.01.29 14:31:50 | 070,562,341 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011.01.29 10:33:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl 
[2011.01.29 10:32:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.01.29 00:33:31 | 000,005,759 | ---- | M] () -- C:\WINDOWS\wininit.ini [2011.01.28 18:55:59 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.28 16:07:03 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\On-Screen Keyboard.lnk [2011.01.28 16:06:46 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\On-Screen Keyboard.lnk [2011.01.28 09:56:44 | 000,004,296 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Kleinunternehmerrechnung.zip [2011.01.25 16:10:06 | 000,235,237 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus_warnung.jpg [2011.01.25 15:16:15 | 000,783,808 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus.png [2011.01.24 20:34:20 | 000,428,822 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110127-143956.backup [2011.01.23 18:05:57 | 000,061,048 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\IGV_23.01.11.docx [2011.01.19 11:34:00 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\index_die_verändert_wurde.php [2011.01.18 21:28:00 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Bird'sTown.lnk [2011.01.17 12:10:35 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Project Rescue Africa.lnk [2011.01.16 12:09:44 | 000,150,236 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\psp.jpg [2011.01.16 12:08:46 | 000,258,262 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\ski.jpg [2011.01.16 12:07:25 | 000,149,856 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\skistiefel.jpg [2011.01.11 11:57:14 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Hexus.lnk [2011.01.07 12:12:38 | 000,000,981 | ---- | M] () -- C:\Documents and 
Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2011.01.07 12:11:12 | 000,428,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110124-203420.backup [2011.01.06 14:19:57 | 026,993,231 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\Photoshop Elements 9 for Dummies.pdf [2011.01.01 14:23:11 | 000,061,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\shop-entrance1.jpg [2010.12.31 15:19:40 | 000,001,617 | ---- | M] () -- C:\WINDOWS\vpd.properties [2010.12.31 15:16:18 | 001,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.29 14:52:36 | 000,472,098 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Load.exe [2011.01.28 16:07:03 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\On-Screen Keyboard.lnk [2011.01.28 16:06:46 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\On-Screen Keyboard.lnk [2011.01.28 09:56:43 | 000,004,296 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Kleinunternehmerrechnung.zip [2011.01.25 16:10:06 | 000,235,237 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus_warnung.jpg [2011.01.25 15:16:14 | 000,783,808 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\bigware_virus.png [2011.01.23 17:35:42 | 000,061,048 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\IGV_23.01.11.docx [2011.01.19 11:34:00 | 000,002,324 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\index_die_verändert_wurde.php [2011.01.18 21:28:00 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Bird'sTown.lnk [2011.01.18 21:19:48 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start 
Menu\Programs\Vuze.lnk [2011.01.17 12:10:35 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Project Rescue Africa.lnk [2011.01.16 12:09:44 | 000,150,236 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\psp.jpg [2011.01.16 12:08:46 | 000,258,262 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\ski.jpg [2011.01.16 12:07:25 | 000,149,856 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\skistiefel.jpg [2011.01.11 11:57:14 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Hexus.lnk [2011.01.06 21:31:21 | 026,993,231 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\Photoshop Elements 9 for Dummies.pdf [2011.01.01 14:51:35 | 000,004,039 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\slide.3ss [2011.01.01 14:36:28 | 000,189,198 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\slide.swf [2011.01.01 14:18:03 | 000,061,473 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\shop-entrance1.jpg [2010.12.31 15:17:22 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\crnxmon.dll [2010.12.31 15:17:22 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\crnxutil.dll [2010.12.31 15:17:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\mqisnmp.dll [2010.12.31 15:17:13 | 000,002,977 | R--- | C] () -- C:\WINDOWS\System32\MUNZ___U.UNM [2010.12.31 15:16:30 | 000,039,596 | ---- | C] () -- C:\WINDOWS\MSTMON_U.INI [2010.12.31 15:16:18 | 000,001,617 | ---- | C] () -- C:\WINDOWS\vpd.properties [2010.12.31 15:16:16 | 000,001,524 | ---- | C] () -- C:\WINDOWS\System32\cbklib.tlb [2010.12.27 23:57:21 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.11.20 14:54:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Milli.ini [2010.11.11 18:47:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll [2010.10.24 13:51:17 | 000,005,759 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.10.21 12:25:11 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini 
[2010.08.17 07:32:50 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\vso_ts_preview.xml [2010.08.12 11:10:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\ka.ini [2010.05.11 22:38:06 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010.04.08 18:36:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.02.20 14:05:06 | 000,019,619 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI [2010.02.12 09:27:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.02.07 17:24:46 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disney.ini [2010.02.07 16:03:17 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.02.07 16:03:17 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.01.29 12:13:03 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\setup_ldm.iss [2010.01.20 21:13:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll [2010.01.20 21:13:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2010.01.20 15:16:33 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll [2010.01.20 15:16:33 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll [2010.01.20 15:16:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll [2010.01.05 13:22:28 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.log [2010.01.05 13:22:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\inst.exe [2010.01.05 13:22:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.cat [2010.01.05 13:22:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alex\Application Data\pcouffin.inf [2010.01.04 17:57:55 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.01.04 17:02:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Alex\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.04 01:54:16 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2010.01.04 00:29:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007.12.15 14:55:30 | 005,423,104 | ---- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll [2007.12.15 14:55:30 | 002,510,848 | --S- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll_original [2007.04.17 15:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2004.10.13 04:55:00 | 000,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\MSHRES_U.DLL [2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA < End of report > [/QUOTE] Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.01.2011 15:08:02 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alex\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 80,50 Gb Free Space | 34,57% Space Free | Partition Type: NTFS Computer Name: WOHNZIMMER | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "56656:TCP" = 56656:TCP:*:Enabled:Pando Media Booster "56656:UDP" = 56656:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "56656:TCP" = 56656:TCP:*:Disabled:Pando Media Booster "56656:UDP" = 56656:UDP:*:Disabled:Pando Media Booster ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- () "C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- () "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. 
Lexington, MA) "C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola) "C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Disabled:AddonWeb -- () "C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios) "C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe" = C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:Die Siedler 7 -- (Blue Byte GmbH) "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\WINDOWS\system32\MPSMC__U.EXE" = C:\WINDOWS\system32\MPSMC__U.EXE:*:Enabled:Printer Status Monitor Center -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.) 
"D:\install\german\MQInpw.exe" = D:\install\german\MQInpw.exe:*:Disabled:MQInpw ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0C51A75A-537D-4E2F-8683-B3BD7DF32379}_is1" = Terrafarmers version 1.0 "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2 "{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish "{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5 "{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3 "{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US) "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23 "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = 
SAMSUNG PC Share Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{477B5D48-14D4-4EFE-921E-AB95D0E2D57B}" = Sprachtrainer Découvertes Cadet 2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese "{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full "{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai "{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish "{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch "{5C08784B-D955-4BB4-8C70-43C89A738F58}" = Motorola Phone Tools "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer "{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update "{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect "{78B9C3A6-A234-40D0-858E-1FD0DACA99CC}" = Découvertes 1 
Sprachtrainer "{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027 "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}" = Crown Print Monitor+ "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = 
Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish "{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English "{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian "{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean "{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{ACC901CB-12A9-4252-8535-4020803CD819}" = Sprachtrainer Découvertes 2 "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall "{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools 
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish "{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C13A8E73-7E98-4295-BA94-6931701CD1F9}" = Topaz Vivacity "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4 "{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter und die Heiligtümer des Todes™ - Teil 1 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All "{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3 "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327 "{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8701D50-3453-4292-887A-A5387DDB969F}" = Greeting Card Builder 
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools "{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common "{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2) "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1) "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6983398e91e00aa801030d9612c168ab" = KONICA MINOLTA magicolor 2430DL Druckertreiber-Software "8461-7759-5462-8226" = Vuze "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4) "AAA Logo 3.10 Business_is1" = AAA Logo Business Edition 3.10 "Action Replay Code Manager_is1" = Action Replay Code Manager "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Age of Mythology 1.0" = Age of Mythology "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion "Aleo 3D Flash Slideshow Creator_is1" = Aleo 3D Flash Slideshow Creator 1.6 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AMS Photo Effects_is1" = AMS Photo Effects 2.61 "Apassionata/EN/ES-English_is1" = Apassionata "ATI Display Driver" = ATI Display Driver "AVG9Uninstall" = AVG 9.0 "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows 
Driver Package - Nokia Modem (02/15/2007 3.1) "Babylon" = Babylon "Ballville - The Beginning3.424" = Ballville - The Beginning "Bird's Town1.0.0.1" = Bird's Town "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2 "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "Dinosaur Battles(TM)" = Dinosaur Battles(TM) "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "DualCoreCenter_is1" = DualCoreCenter "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eye Candy 6" = Alien Skin Eye Candy 6 "Farm Craft 2 - Global Vegetable Crisis1.2.0.14440" = Farm Craft 2 - Global Vegetable Crisis "Farm Tribe1.0" = Farm Tribe "FG_1.4" = Jumpstart First Grade v1.4 "FormatFactory" = FormatFactory 2.20 "Halo" = Microsoft Halo "Hexus1.0" = Hexus "HijackThis" = HijackThis 2.0.2 "Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only) "ie8" = Windows Internet Explorer 8 "InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2:*Die neuen Abenteuer "InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "Kings Bounty Armored Princess_is1" = King's Bounty: Crossworlds "KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL "Liveupdate4_is1" = Liveupdate4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Milli-Metha's Abenteuer im Bauch des Riesen" = Milli-Metha's Abenteuer im Bauch des Riesen "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nokia PC Suite" = Nokia PC Suite "Operation Mania" = Operation Mania (remove only) 
"Paradise Beach1.0" = Paradise Beach "Power Retouche Retouching Suite" = Power Retouche Retouching Suite "Project Rescue Africa1.0" = Project Rescue Africa "PSPad editor_is1" = PSPad editor "SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper "SolveigMM AVI Trimmer 1.6.801.18" = SolveigMM AVI Trimmer "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "SuperMailer" = SuperMailer 5.10 "SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build 3.5.17.252) "TeamViewer 6" = TeamViewer 6 "TIPP10_is1" = TIPP10 Version 2.0.3 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0603 "VLC media player" = VLC media player 1.1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinRAR archiver" = WinRAR archiver "XP Codec Pack" = XP Codec Pack "Yahtzee" = Yahtzee (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.12.2010 16:33:18 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000 Description = Faulting application paradisebeach.exe, version 0.0.0.0, faulting module paradisebeach.exe, version 0.0.0.0, fault address 0x00047adc. Error - 22.12.2010 17:08:15 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000 Description = Faulting application keygen.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000120e. Error - 22.12.2010 17:14:33 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000 Description = Faulting application kg.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000120e. Error - 25.12.2010 11:32:38 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000 Description = Faulting application ballville - the beginning.exe, version 0.0.0.0, faulting module ballville - the beginning.exe, version 0.0.0.0, fault address 0x00326660. 
Error - 18.01.2011 08:33:49 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 18.01.2011 08:33:50 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 18.01.2011 08:33:51 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error - 18.01.2011 08:33:52 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 18.01.2011 08:33:54 | Computer Name = WOHNZIMMER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
Error - 27.01.2011 06:22:30 | Computer Name = WOHNZIMMER | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x077c5528. [ System Events ] Error - 29.01.2011 07:04:30 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:34 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:38 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:42 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:46 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:50 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:54 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:04:58 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:05:02 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. Error - 29.01.2011 07:05:07 | Computer Name = WOHNZIMMER | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\D, has a bad block. < End of report > [/QUOTE]
Unfortunately, Malwarebytes does not tell me which program or file keeps trying to connect out. I am grateful for any help! |
29.01.2011, 16:19 | #2 |
/// Malware-holic | The safest option would be to back up your data and then reinstall. Only then will your system be trustworthy again, so that you can use it for online banking again. You cannot be 100% sure of getting the system clean. I would then explain to you how to secure the system properly. |
29.01.2011, 18:03 | #3 |
| I actually wanted to avoid that step. First and foremost, what interested me now was whether one can find out which program or which file keeps trying to connect to this potentially dangerous website. |
29.01.2011, 18:09 | #4 |
/// Malware-holic | What else has to happen? Your bank data were already known; does your account have to be emptied first? The system cannot be cleaned with one hundred percent certainty, and therefore reinstalling is the best option.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.01.2011, 06:28 | #5 |
| So, I have formatted and reinstalled. Which additional steps for securing the system still need to be carried out now? Thanks, Alex |
04.02.2011, 07:23 | #6 |
| Apart from the usual steps such as virus scanner, firewall etc., are there other things I can do to secure my system optimally? |
04.02.2011, 11:36 | #7 |
/// Malware-holic | Sorry, I was quite ill and couldn't get online. http://www.trojaner-board.de/96344-a...-rechners.html |
05.02.2011, 10:33 | #8 |
| Hello, I hope you are feeling better now.
The following steps have already been carried out:
- Windows Update is enabled, so all Microsoft programs are updated automatically (Windows, Office, IE ...)
- As antivirus program I use AVG with integrated SurfShield, also always updated automatically
- Malwarebytes with protection module enabled, always updated automatically
I still have to look at the following:
- Configuring and disabling Windows services. Unfortunately, the link you posted, hxxp://ntsvcfg.de/#pfw, is classified by Malwarebytes as a potentially dangerous website and blocked (IP 188.40.69.151). However, I have TuneUp Utilities and can use it to manage all startup programs and services. Now I would just need to know which programs and services I have to switch on or off, and what exactly they are called.
- DEP: I have Windows XP Home. According to winfaq.de: Data Execution Prevention can also be controlled via BOOT.INI on Windows XP and Windows 2003. And this is where I already get stuck. I don't understand what I am supposed to do now.
- Browser: I use Firefox. The plugins Adblock Plus and Web of Trust are installed.
Which further steps are still necessary? I still need to look at Sandboxie, the update programs and the backup programs at my leisure. |
05.02.2011, 11:12 | #9 |
/// Malware-holic | The link is clean; can you ignore the message? I did write something about TuneUp: such programs can wreck your system and do not make it faster. Whatever speed-up you think you notice, you can safely put down to the placebo effect.
- DEP: it says you can also do it via boot.ini, but you don't have to. There should also be a part about the Control Panel etc. where you can set it.
- Firefox: Web of Trust: I personally don't think much of it; just because the site was clean at the time of the rating does not necessarily mean it is clean now. Adblock+ to block ads: Known filter lists for Adblock Plus. Here I would select 2 or 3 German filters, and under Miscellaneous the malware blocklist.
- Sandbox: please restrict direct file access to firefox.exe and plugin-container.exe; here you can also enter NoScript and other plugins.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\sessionstore.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\adblockplus\patterns.ini
Under Internet access: enter firefox.exe and plugin-container.exe. Then open Sandboxie, click on Sandbox in the menu at the top, select your sandbox and then click on the sandbox settings. There go to Applications, Web Browser, Firefox. Select "Allow direct access to bookmarks" and click Add, then OK. Those are the settings for Sandboxie (FF). |
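The restriction given in post #9 (direct file access only for firefox.exe and plugin-container.exe, one named file per rule) can be checked mechanically. The following Python code is an added example, not part of the thread or of Sandboxie; the box name DefaultBox, the function name and the last three sample rules are constructed, and the check assumes Sandboxie's `OpenFilePath=program.exe,path` form, where a rule without the program prefix applies to every sandboxed program.

```python
import re

# Programs that post #9 allows to have direct (unsandboxed) file access.
ALLOWED_PROGRAMS = {"firefox.exe", "plugin-container.exe"}
PROGRAM_RE = re.compile(r"^[^\\/:*?<>|,]+\.exe$", re.IGNORECASE)

# Constructed sample; the box name and the last three rules are made up for illustration.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\bookmarks.html
OpenFilePath=%AppData%\Mozilla\Firefox\Profiles\*.default\sessionstore.js
OpenFilePath=updater.exe,C:\Downloads\setup.log
OpenFilePath=plugin-container.exe,%AppData%\Mozilla\Firefox\Profiles\*
"""

def audit_open_file_paths(ini_text, box="DefaultBox"):
    """Return (line_no, reason) for each OpenFilePath rule broader than the post's advice."""
    findings, section = [], None
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != box or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().lower() != "openfilepath":
            continue
        program, sep, path = value.strip().partition(",")
        program, path = program.strip(), path.strip()
        if not sep or not PROGRAM_RE.match(program):
            # No "program.exe," prefix: the rule applies to every sandboxed program.
            findings.append((line_no, "not scoped to a program"))
            continue
        if program.lower() not in ALLOWED_PROGRAMS:
            findings.append((line_no, "program not on the allow list: " + program))
        # The last path component should name one file, not a wildcard-only match.
        last = path.rstrip("\\").rsplit("\\", 1)[-1]
        if last in ("", "*") or "." not in last:
            findings.append((line_no, "path covers a whole directory: " + path))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_open_file_paths(SAMPLE_INI):
        print(f"line {line_no}: {reason}")
```

The four rules quoted in the post pass without findings; the three constructed rules are each reported for a different reason.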
06.02.2011, 15:38 | #10 |
| Hello Markus, many thanks for your tips. I think I am done so far. Sandboxie is a great method; I didn't even know that something like this existed. Should it get me again at some point, I'll drop by here again. Thanks again!! |
06.02.2011, 15:45 | #11 |
/// Malware-holic | Can you still check under Start, Run, services.msc whether the Windows Firewall is active? If not, please switch it on. I'm glad that everything worked out. You are of course welcome at any time, but don't forget: if you make regular updates, you can use this to reset the system to a clean state within 5-10 minutes the next time malware strikes. |