| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ebenfalls Link über ICQ gesendet bekommen und geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.11.2010, 10:12
| #1 |
 |  ebenfalls Link über ICQ gesendet bekommen und geöffnet Hallo, auch ich habe gestern von einem Freund per ICQ eine Nachricht erhlaten, in der stand, dass ich mir mal das Foto anschauen sollte und dazu ein Link. Habe dummerweise ohne darüber nachzudenken den Link angeklickt und anschließend auf Programm ausführen geklickt. Da sich darauf ein Fenster bzw. der Editor mit wirren Schriftzeichen öffnete, versuchte ich ein weiteres Mal den Link auszuführen, wieder das gleiche. Als ich meinen Freund anschrieb, dass ich das Bild nicht öffnen könne, erklärte er mir, dass der Link ein Virus sei, auf den er selbst vor Kurzem reingefallen wäre. Ich habe dann sofort ICQ beendet und einen Virenscanner laufen lassen. Des weiteren habe ich mich im Internet in einigen Foren informiert, was man tun könnte und bin auf diese Seite gestoßen. Der Benutzer Marco_ri schilderte in diesem Forum genau das selbe Problem wie es bei mir der Fall ist. (Außer, dass ich nicht weiß ob an andere ICQ Kontakte der Link bereits weiter verschickt wurde, da ich ICQ sofort beendete). Habe mir dann wie in dem Thema von Marco_ri empfohlen, die Software Malwarebytes heruntergeladen und einen Vollscan durchgeführt. Hier folgt der Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5089 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 11.11.2010 02:15:57 mbam-log-2010-11-11 (02-15-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 444691 Laufzeit: 5 Stunde(n), 55 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken. C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken. Zum Schluss sollte vielleicht noch angemerkt werden, dass sich der Virus bisher nach Außen nicht bemerkbar gemacht hat. Wenn mein Freund mir also nicht gesagt hätte, dass ich mir durch den Link sehr wahrscheinlich einen Virus auf den Computer geholt hätte, würde ich wahrscheinlich gar nicht merken, dass mein PC infiziert ist. Ich bedanke mich schon einmal im vorraus für eure Hilfen und Bemühungen und wäre froh, wenn mir jemand weiterhelfen könnte, wie ich nun weiter vorzugehen habe. Mit freundlichen Grüßen, Martin |
|
11.11.2010, 10:53
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | ebenfalls Link über ICQ gesendet bekommen und geöffnet Systemscan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
11.11.2010, 11:29
| #3 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Vielen Dank für die rasche Antwort.
__________________Hier sind die Logfiles: OTL.Txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.11.2010 11:00:14 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Terrence\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 27,00% Memory free 10,00 Gb Paging File | 1,00 Gb Available in Paging File | 8,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 268,80 Gb Total Space | 142,59 Gb Free Space | 53,05% Space Free | Partition Type: NTFS Drive D: | 29,28 Gb Total Space | 17,30 Gb Free Space | 59,09% Space Free | Partition Type: FAT32 Drive G: | 1397,26 Gb Total Space | 858,40 Gb Free Space | 61,43% Space Free | Partition Type: NTFS Drive H: | 372,61 Gb Total Space | 324,34 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Computer Name: TERRENCE-PC | User Name: Terrence | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Terrence\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Terrence\AppData\Local\Temp\Temp1_ProcessMonitor[1].zip\Procmon.exe (Sysinternals - www.sysinternals.com) PRC - C:\Users\Terrence\AppData\Local\Temp\Temp1_TcpView[1].zip\Tcpview.exe (Sysinternals - www.sysinternals.com) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Softex\OmniPass\scureapp.exe () PRC - C:\Programme\Softex\OmniPass\opvapp.exe () PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\LaunchAp.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Brownie\BrStsWnd.exe (brother) PRC - C:\Programme\Brownie\brpjp04a.exe (brother) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (SafeList) ========== MOD - C:\Users\Terrence\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (BsMailProxy) -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll (BullGuard Ltd.) SRV - (BsFileScan) -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll (BullGuard Ltd.) SRV - (BGLiveSvc) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software) SRV - (BgMainSvc) -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll (BullGuard, Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found DRV - (uxddrv) -- F:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys File not found DRV - (StMp3Rec) -- C:\Windows\System32\Drivers\StMp3Rec.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH) DRV - (Reconn) -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys (BullGuard Ltd.) DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.11.14.154/wohnheim/netzag/index.php?target=quota IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.11.13.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Terrence\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Terrence\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.24 22:52:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O32 - Unable to obtain root file information for disk G:\ O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Menu.exe -- [2009.04.30 15:21:00 | 005,955,584 | ---- | M] (Markement GmbH ) O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.11 10:58:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Terrence\Desktop\OTL.exe [2010.11.11 09:49:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.11.10 20:17:01 | 000,000,000 | ---D | C] -- C:\Users\Terrence\AppData\Roaming\Malwarebytes [2010.11.10 20:16:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.10 20:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.10 20:16:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.10 20:16:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.10 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Terrence\AppData\Roaming\Avira [2010.11.10 19:08:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.11.10 19:08:17 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.10 19:08:17 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.10 19:08:16 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.11.10 19:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.10.27 11:51:52 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 11:51:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.27 11:51:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.10.14 13:59:55 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 13:59:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.14 13:59:21 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 13:59:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 13:59:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 13:59:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.14 13:59:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.14 13:59:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.14 13:59:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.14 13:59:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 13:59:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.14 13:59:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.14 13:59:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.14 13:59:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.14 13:59:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.14 13:59:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.14 13:59:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.14 13:59:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.14 13:59:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 13:59:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.14 13:59:14 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 13:59:14 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 13:59:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 13:59:10 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.14 13:59:09 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2008.02.26 05:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.02.26 05:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2010.11.11 10:58:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Terrence\Desktop\OTL.exe [2010.11.11 09:49:02 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.11.11 09:43:19 | 000,732,882 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.11 09:43:19 | 000,682,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.11 09:43:19 | 000,171,390 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.11 09:43:19 | 000,139,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.11 09:35:35 | 000,104,724 | ---- | M] () -- C:\Users\Terrence\AppData\Roaming\nvModes.001 [2010.11.11 09:35:28 | 000,000,275 | ---- | M] () -- C:\Windows\Brownie.ini [2010.11.11 09:35:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.11 09:35:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.11 09:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.11 09:35:09 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2010.11.11 02:24:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.10 18:53:52 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{35B65A4B-1C29-4E8F-98F5-D8069714CDE6}.job [2010.11.09 17:32:00 | 000,097,280 | ---- | M] () -- C:\Users\Terrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.09 17:10:30 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.10.27 15:07:58 | 000,953,525 | ---- | M] () -- C:\Users\Terrence\Documents\c_Informatik_und_C_Skript_Release_2_4_IOE[2].pdf [2010.10.24 13:43:21 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Terrence.job [2010.10.19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.14 14:44:50 | 000,489,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.12 19:25:41 | 000,000,615 | ---- | M] () -- C:\Users\Terrence\Desktop\5. Semester - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2010.11.11 09:49:02 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.27 15:07:58 | 000,953,525 | ---- | C] () -- C:\Users\Terrence\Documents\c_Informatik_und_C_Skript_Release_2_4_IOE[2].pdf [2010.01.20 13:36:45 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.12.07 12:36:49 | 000,000,760 | ---- | C] () -- C:\Users\Terrence\AppData\Roaming\setup_ldm.iss [2009.11.25 21:25:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.09.19 17:11:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.25 12:46:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.08.25 12:44:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.06.25 19:21:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.07 20:52:20 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2009.01.07 20:52:20 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2009.01.07 20:52:06 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2009.01.07 20:52:05 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI [2009.01.07 20:51:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.01.07 20:44:47 | 000,000,275 | ---- | C] () -- C:\Windows\Brownie.ini [2008.07.28 06:16:57 | 000,104,724 | ---- | C] () -- C:\Users\Terrence\AppData\Roaming\nvModes.001 [2008.07.27 21:41:14 | 000,104,724 | ---- | C] () -- C:\Users\Terrence\AppData\Roaming\nvModes.dat [2008.05.02 16:20:59 | 000,000,250 | ---- | C] () -- C:\Users\Terrence\AppData\Roaming\Default.PLS [2008.05.02 15:01:52 | 000,097,280 | ---- | C] () -- C:\Users\Terrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.30 18:25:09 | 000,000,096 | ---- | C] () -- C:\Users\Terrence\AppData\Local\fusioncache.dat [2008.03.01 10:28:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.03.01 10:28:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.29 06:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.02.29 06:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.02.26 06:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.02.26 05:07:07 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2008.02.26 05:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.02.26 05:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.02.26 05:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008.02.26 05:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.02.08 15:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2008.02.08 15:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.12.14 12:04:48 | 000,266,240 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2004.12.14 12:02:49 | 001,175,552 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.11.2010 11:00:15 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Terrence\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 27,00% Memory free
10,00 Gb Paging File | 1,00 Gb Available in Paging File | 8,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 142,59 Gb Free Space | 53,05% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 17,30 Gb Free Space | 59,09% Space Free | Partition Type: FAT32
Drive G: | 1397,26 Gb Total Space | 858,40 Gb Free Space | 61,43% Space Free | Partition Type: NTFS
Drive H: | 372,61 Gb Total Space | 324,34 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Computer Name: TERRENCE-PC | User Name: Terrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F04DC29-A988-478A-A414-ADAD68CA53FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5871A128-D06C-441B-A60E-E3652938398C}" = rport=138 | protocol=17 | dir=out | app=system |
"{79B8885D-894A-4C62-8C50-AB5CD428DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{80021563-F1FC-48E0-A867-9FCCDE122FB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{86F2F92F-C77C-49C2-B8A9-D5A0801B8FE9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A046455A-D426-4736-8403-67E0E0C438A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A78F7028-CD74-42D4-A314-96F2C916F3DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{A8CB31B5-698C-4ED0-92EE-8DE6444311CF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{ADBC3843-7784-4CFE-8316-F8AD4BB7D592}" = lport=49178 | protocol=6 | dir=in | name=akamai netsession interface |
"{AE14C2AF-8138-4900-A3F3-572F1ECDBE23}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF5A569-E021-4937-ACBC-21AB0D4F66BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{CB60C474-1A66-438E-A48B-1500C17CE29C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5C8D36E-B097-47E4-B79E-4A548718DE56}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB7BBFF7-0FF8-4672-B345-0F1C0487297A}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A165AB-D9A5-41CB-A196-1709CEC1537C}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{24A50AEE-D406-4048-B0BC-02A5913D469D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C5A8524-4DEF-4D50-9A70-4846FC3B2671}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{5C97BE55-1E38-4BF9-B224-A9641EA98DA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{687B5CEF-BC5F-4893-A514-A606B79C2497}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{6C0DA55C-2572-45EF-B1E0-B722D0E2A190}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{709EA6AA-EE90-4CE0-AF4D-DD8E27F5ABB3}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{79952A36-49A8-4DEF-999C-20FB3B2C088C}" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{9A2DB446-B9C5-49F9-8DF0-B4F071AD1CF8}" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{AB000C05-D6B5-4F4C-83EB-06493ED76728}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{B46E3084-F6F1-416B-84D3-505B4094EBB8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BFBD3A98-B585-400D-A6D1-CAB6C743F17E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{CC62E603-FA70-43F0-916F-B22ABF1ED8FC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E14C8F95-410A-4F6F-B07A-846FA6B92BF0}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{EA6F3C65-895C-4EC8-8116-E1991A7924F7}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"TCP Query User{44953CBE-73BE-4D4E-A71E-10F1F163EBFF}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{4902D6BB-48A5-462F-8E71-B2906E505A6D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{870DBB7D-A040-49A2-AFEB-3AE4401C1A13}C:\users\terrence\appdata\local\temp\pyl7638.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\terrence\appdata\local\temp\pyl7638.tmp\pyrun.exe |
"TCP Query User{90291ACF-E4FD-49E5-885C-98DDE9B352BD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A20C8569-D3DA-4BEE-A3F0-BB0BE1D5A118}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"TCP Query User{CCCC13A1-15F2-4978-9CFA-DE1FD6A70221}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D6294F95-A423-4AE1-99AD-30D6C0283518}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D6F37643-DA5B-4466-886F-11167F3D74FE}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E85E05EB-B6E9-41A3-ACEB-9F4826D84A92}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F6159184-6A12-4E0B-BAA9-65B675A48836}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{014A1198-563F-45E4-BD53-8CC26895BBA5}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{066FD862-CBAA-4900-877B-61A9EEC62CA2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0811CAAC-26BA-4E49-940B-22B092990BCA}C:\users\terrence\appdata\local\temp\pyl7638.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\terrence\appdata\local\temp\pyl7638.tmp\pyrun.exe |
"UDP Query User{1D9D5BAA-6238-473B-88AA-F5FF9354099C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2CA7095E-AF82-4326-836A-3E0D4E27CA7B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{5C65A77E-A9B4-46DE-8FCF-AD4B8715BB91}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"UDP Query User{5D229ED0-CEF9-4D11-B021-5EFFFCFCB18F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{6B645F31-5BAB-4956-ACA0-1F4CFA55FAA2}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{8623385E-E5EF-4244-83C2-07CB9BDA9757}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9BD0EE27-A969-4F00-B4FF-2D38B9D6839E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6000
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41EEF558-3585-4020-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client)
"{41EEF558-3585-4028-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client) German Language Pack
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-9001-0407-0002-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5783F2D7-9005-0407-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9005-0407-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D6189D-1532-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2011
"{76D6189D-1532-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2011 Language Pack - Deutsch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F6A5EEB3-CFA6-47E8-879D-F68EFEEEA2E8}" = Brother HL-2140
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Inventor View 2011" = Autodesk Inventor View 2011 Deutsch
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BullGuard" = BullGuard 7.0 for Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DWG TrueView 2011" = DWG TrueView 2011
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GSview 4.9" = GSview 4.9
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediacoderSE1.1" = MediacoderSE
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.8" = MiKTeX 2.8
"Nomad MuVo TX" = NOMAD MuVo TX
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 1.1.4
"VoipDiscount_is1" = VoipDiscount
"WinRAR archiver" = WinRAR Archivierer
"Wubi" = Ubuntu
"X10Hardware" = X10 Hardware(TM)
"XviD" = XviD MPEG-4 Codec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2010 12:44:25 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.03.2010 12:46:24 | Computer Name = Terrence-PC | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Timeout für Vorgang überschritten
Error - 28.03.2010 04:03:04 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.03.2010 04:05:07 | Computer Name = Terrence-PC | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Timeout für Vorgang überschritten
Error - 28.03.2010 04:08:48 | Computer Name = Terrence-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.4.0, Zeitstempel 0x439dd576,
fehlerhaftes Modul libwxwidgets_plugin.dll, Version 0.0.0.0, Zeitstempel 0x439dd584,
Ausnahmecode 0xc0000005, Fehleroffset 0x001854fc, Prozess-ID 0x15e8, Anwendungsstartzeit
01cace4db4426430.
Error - 29.03.2010 02:52:34 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2010 01:22:36 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2010 05:43:56 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2010 05:47:32 | Computer Name = Terrence-PC | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Timeout für Vorgang überschritten
Error - 12.04.2010 16:57:06 | Computer Name = Terrence-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 04.11.2008 10:49:07 | Computer Name = Terrence-PC | Source = ehRecvr | ID = 3
Description =
Error - 21.09.2009 19:00:50 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 09/22/2009 01:00:50
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 21.09.2009 19:00:52 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 09/22/2009 01:00:52
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 15.10.2009 01:39:10 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/15/2009 07:39:10
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 30.11.2009 04:02:30 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/30/2009 09:02:30
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 23.04.2010 06:33:52 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 04/23/2010 12:33:52
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 28.04.2010 10:51:28 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 04/28/2010 16:51:28
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 13.05.2010 03:36:07 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/13/2010 09:36:07
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 19.05.2010 11:08:37 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/19/2010 17:08:37
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 10.11.2010 07:37:20 | Computer Name = Terrence-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/10/2010 12:37:20
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
[ System Events ]
Error - 09.11.2010 11:57:03 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2010 07:35:02 | Computer Name = Terrence-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
im Netzwerk verwendet werden.
Error - 10.11.2010 07:35:02 | Computer Name = Terrence-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Brother HL-2140 series nicht unter
dem Namen Brother HL-2140 series freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 10.11.2010 07:35:47 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2010 12:23:57 | Computer Name = Terrence-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 000AE4CB4180 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%258. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 10.11.2010 12:24:03 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2010 14:08:36 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 10.11.2010 21:23:55 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2010 21:24:01 | Computer Name = Terrence-PC | Source = DCOM | ID = 10010
Description =
Error - 11.11.2010 04:36:07 | Computer Name = Terrence-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
11.11.2010, 22:30
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ebenfalls Link über ICQ gesendet bekommen und geöffnet Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll ()
O4 - HKCU..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.11.2010, 08:43
| #5 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet All processes killed ========== OTL ========== Service Akamai stopped successfully! Service Akamai deleted successfully! c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Terrence ->Temp folder emptied: 1252607170 bytes ->Temporary Internet Files folder emptied: 358396821 bytes ->Java cache emptied: 26779340 bytes ->Flash cache emptied: 136095 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 64661117 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.624,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11122010_201522 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\Windows\temp\tmp0000237f\tmp00000000 not found! C:\Windows\temp\JET48F1.tmp moved successfully. File\Folder C:\Windows\temp\JET6585.tmp not found! Registry entries deleted on Reboot... |
|
15.11.2010, 09:13
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ebenfalls Link über ICQ gesendet bekommen und geöffnet Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> ebenfalls Link über ICQ gesendet bekommen und geöffnet |
|
15.11.2010, 14:15
| #7 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Combofix Logfile: Code:
ATTFilter ComboFix 10-11-14.02 - Terrence 15.11.2010 9:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1753 [GMT 1:00]
ausgeführt von:: c:\users\Terrence\Desktop\cofi.exe
AV: BullGuard Antivirus *On-access scanning enabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
D:\Autorun.inf
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\cofi\HarddiskVolumeShadowCopy7_!Windows!System32!userinit.exe wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-15 bis 2010-11-15 ))))))))))))))))))))))))))))))
.
2010-11-15 09:43 . 2010-11-15 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-15 08:31 . 2010-11-15 08:31 -------- d-----w- c:\program files\CCleaner
2010-11-15 07:49 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-15 07:48 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{428140D1-1A9E-4248-81D7-DB838A9D9799}\mpengine.dll
2010-11-12 19:15 . 2010-11-12 19:15 -------- d-----w- C:\_OTL
2010-11-11 12:49 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-11 12:49 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-11 12:49 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-11 12:49 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-11 12:49 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-11 12:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-11 12:48 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-11 12:47 . 2010-11-11 12:47 -------- d-----w- c:\programdata\Alwil Software
2010-11-11 12:47 . 2010-11-11 12:47 -------- d-----w- c:\program files\Alwil Software
2010-11-11 08:49 . 2010-11-11 08:49 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-10 19:17 . 2010-11-10 19:17 -------- d-----w- c:\users\Terrence\AppData\Roaming\Malwarebytes
2010-11-10 19:16 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 19:16 . 2010-11-10 19:16 -------- d-----w- c:\programdata\Malwarebytes
2010-11-10 19:16 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 19:16 . 2010-11-11 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 18:09 . 2010-11-10 18:09 -------- d-----w- c:\users\Terrence\AppData\Roaming\Avira
2010-11-10 18:08 . 2010-08-02 15:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-10 18:08 . 2010-08-02 15:09 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-10 18:08 . 2010-11-10 18:08 -------- d-----w- c:\programdata\Avira
2010-11-10 18:08 . 2010-11-10 18:08 -------- d-----w- c:\program files\Avira
2010-11-10 11:44 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-09 16:01 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E152310E-37B0-42B0-9DE1-C42B6C445B5E}\mpengine.dll
2010-10-27 10:51 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 10:51 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 10:51 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-12 06:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-14 12:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 12:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 12:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 12:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 12:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 12:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 12:59 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 12:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 12:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 12:59 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 12:59 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 12:59 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 12:59 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 12:59 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 12:59 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 12:59 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 12:59 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 12:59 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 12:59 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 10:51 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 10:51 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 10:51 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 10:51 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-14 12:59 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-17 07:23 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-18 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 185896]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-07-31 815104]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-7 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 09:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
2008-04-30 17:50 308552 ----a-w- c:\program files\BullGuard Software\BullGuard\BullGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Software\BullGuard\reconn.sys [2007-06-28 16984]
R3 uxddrv;Dynamically loaded UxdDrv;f:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-03-25 31824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2008-04-30 50896]
S2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-19 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-11-11 c:\windows\Tasks\Norton Security Scan for Terrence.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-10 07:48]
2010-11-15 c:\windows\Tasks\User_Feed_Synchronization-{35B65A4B-1C29-4E8F-98F5-D8069714CDE6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://10.11.14.154/wohnheim/netzag/index.php?target=quota
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-15 10:48
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5972)
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\BullGuard Software\BullGuard\BullGuardUpdate.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Calendar\wincal.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-15 10:59:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-15 09:59
Vor Suchlauf: 12 Verzeichnis(se), 168.241.840.128 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 168.550.944.768 Bytes frei
- - End Of File - - C15711B8E036F462F9DE88EA09EFAF72
|
|
18.11.2010, 16:33
| #8 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Hallo, ich möchte ja nicht für ungeduldig wirken, aber ich habe schon seit ein paar Tagen nachdem ich den Combofix Logfile ins Forum kopiert habe, keine Antwort mehr bekommen. Kann ich nun davon ausgehen, dass Virus/Trojaner/Plagegeist nun von meinen Computer entfernt worden ist oder sind noch weitere Schritte nötig oder Möglichkeiten offen den Störenfried zu beseitigen? Ich bedanke mich auf jedenfall schon mal für die mir bisher geleistete Hilfe und Mühen. Über eine Antwort auf meinen Beitrag würde ich mich freuen. Mit freundlichen Grüßen, Martin |
|
18.11.2010, 19:32
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ebenfalls Link über ICQ gesendet bekommen und geöffnet Sry hab deinen Beitrag übersehen. Man möge mir verzeihen  Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.11.2010, 20:32
| #10 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet GMER hat bei mir auch nach dem 2. Versuch nicht einwandfrei gearbeitet. Hier ist der LogFile von Osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:29:47 on 18.11.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Norton Security Scan for Terrence.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "BullGuard Email Monitor" (Reconn) - "BullGuard Ltd." - C:\Program Files\BullGuard Software\BullGuard\reconn.sys "BullGuard File Monitor Driver" (BdFileSpy) - "BullGuard Ltd." - C:\Windows\system32\drivers\BdFileSpy.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Dynamically loaded UxdDrv" (uxddrv) - ? - F:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys (File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) - ? - C:\Windows\System32\Drivers\StMp3Rec.sys (File not found) "uglcrkob" (uglcrkob) - ? - C:\Users\Terrence\AppData\Local\Temp\uglcrkob.sys (Hidden registry entry, rootkit activity | File not found) "VBoxNetFlt Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys (File not found) "VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Sun Microsystems, Inc." - C:\Windows\System32\DRIVERS\VBoxNetAdp.sys "VirtualBox USB" (VBoxUSB) - "Sun Microsystems, Inc." - C:\Windows\System32\Drivers\VBoxUSB.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "Veoh" - "Veoh Networks" - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BrStsWnd" - "brother" - C:\Program Files\Brownie\BrstsWnd.exe Autorun "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" "LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe" "LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "MSSE" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey "OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe "RemoteControl" - "Cyberlink Corp." - "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" "SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe "TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" "Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "BullGuard Email Monitoring Service" (BsMailProxy) - "BullGuard Ltd." - C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll "BullGuard File Scan Service" (BsFileScan) - "BullGuard Ltd." - C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll "BullGuard LiveUpdate" (BGLiveSvc) - "BullGuard Software" - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe "BullGuard Main Service" (BgMainSvc) - "BullGuard, Ltd." - C:\Program Files\BullGuard Software\BullGuard\BsMain.dll "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe "SQL Server (AUTODESKVAULT)" (MSSQL$AUTODESKVAULT) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
18.11.2010, 20:34
| #11 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Hier nun das .txt Dokument: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: MEDION BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: MEDION System Product Name: WIM2180 Logical Drives Mask: 0x0000003c Kernel Drivers (total 168): 0x82606000 \SystemRoot\system32\ntkrnlpa.exe 0x829BF000 \SystemRoot\system32\hal.dll 0x80608000 \SystemRoot\system32\kdcom.dll 0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8067F000 \SystemRoot\system32\PSHED.dll 0x80690000 \SystemRoot\system32\BOOTVID.dll 0x80698000 \SystemRoot\system32\CLFS.SYS 0x806D9000 \SystemRoot\system32\CI.dll 0x8A60F000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8A68B000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8A698000 \SystemRoot\system32\drivers\acpi.sys 0x8A6DE000 \SystemRoot\system32\drivers\WMILIB.SYS 0x8A6E7000 \SystemRoot\system32\drivers\msisadrv.sys 0x8A6EF000 \SystemRoot\system32\drivers\pci.sys 0x8A716000 \SystemRoot\System32\drivers\partmgr.sys 0x8A725000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8A728000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8A732000 \SystemRoot\system32\drivers\volmgr.sys 0x8A741000 \SystemRoot\System32\drivers\volmgrx.sys 0x8A78B000 \SystemRoot\system32\drivers\intelide.sys 0x8A792000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8A7A0000 \SystemRoot\System32\drivers\mountmgr.sys 0x8A808000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8A8D0000 \SystemRoot\system32\drivers\atapi.sys 0x8A8D8000 \SystemRoot\system32\drivers\ataport.SYS 0x8A8F6000 \SystemRoot\system32\DRIVERS\Si3531.sys 0x8A92C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x8A952000 \SystemRoot\system32\drivers\fltmgr.sys 0x8A984000 \SystemRoot\system32\drivers\fileinfo.sys 0x8A994000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys 0x8A997000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8AA06000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AA77000 \SystemRoot\system32\drivers\ndis.sys 0x8AB82000 \SystemRoot\system32\drivers\msrpc.sys 0x8ABAD000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AC03000 \SystemRoot\System32\drivers\tcpip.sys 0x8ACED000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8AE0A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8AF1A000 \SystemRoot\system32\drivers\volsnap.sys 0x8AF53000 \SystemRoot\System32\Drivers\spldr.sys 0x8AF5B000 \SystemRoot\system32\DRIVERS\SiRemFil.sys 0x8AF5D000 \SystemRoot\System32\Drivers\mup.sys 0x8AF6C000 \SystemRoot\System32\drivers\ecache.sys 0x8AF93000 \SystemRoot\system32\drivers\disk.sys 0x8AFA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8AFC5000 \SystemRoot\system32\drivers\crcdisk.sys 0x8AFDB000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8AFE6000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8AFEF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8ADD0000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8F605000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8FD4C000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FDED000 \SystemRoot\System32\drivers\watchdog.sys 0x8ADDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8A9A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8ADEA000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90095000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x900AD000 \SystemRoot\system32\DRIVERS\netr28.sys 0x90104000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x90108000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x9011B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90126000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x90154000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90156000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90161000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x90179000 \SystemRoot\System32\Drivers\x10hid.sys 0x9017B000 \SystemRoot\System32\Drivers\HIDCLASS.SYS 0x9018B000 \SystemRoot\System32\Drivers\HIDPARSE.SYS 0x90192000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8A7B0000 \SystemRoot\system32\DRIVERS\storport.sys 0x901C1000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x901CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x901E3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x807B9000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x901EE000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8ABE8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8A9DF000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x807DC000 \SystemRoot\system32\DRIVERS\termdd.sys 0x901FD000 \SystemRoot\system32\DRIVERS\swenum.sys 0x9020A000 \SystemRoot\system32\DRIVERS\ks.sys 0x90234000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x9023E000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9024B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x90280000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x90289000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x90406000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x9029A000 \SystemRoot\system32\drivers\portcls.sys 0x902C7000 \SystemRoot\system32\drivers\drmk.sys 0x9060B000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0x90727000 \SystemRoot\system32\drivers\modem.sys 0x90734000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x90757000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90760000 \SystemRoot\System32\Drivers\Null.SYS 0x90767000 \SystemRoot\System32\Drivers\Beep.SYS 0x9076E000 \SystemRoot\System32\drivers\vga.sys 0x9077A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x9079B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x907A3000 \SystemRoot\system32\drivers\rdpencdd.sys 0x907AB000 \SystemRoot\System32\Drivers\Msfs.SYS 0x907B6000 \SystemRoot\System32\Drivers\Npfs.SYS 0x907C4000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x907CD000 \SystemRoot\system32\DRIVERS\tdx.sys 0x907E3000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x902EC000 \SystemRoot\system32\DRIVERS\smb.sys 0x90300000 \SystemRoot\system32\drivers\afd.sys 0x907ED000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x90348000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9037A000 \SystemRoot\system32\DRIVERS\pacer.sys 0x907F2000 \SystemRoot\system32\DRIVERS\netbios.sys 0x90600000 \SystemRoot\System32\Drivers\StarOpen.SYS 0x90390000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x905F5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x903A3000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x903DF000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90606000 \SystemRoot\System32\Drivers\Hotkey.SYS 0x903E9000 \SystemRoot\System32\Drivers\dfsc.sys 0x90807000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x9082A000 \SystemRoot\System32\Drivers\aswSP.SYS 0x90851000 \SystemRoot\System32\Drivers\fastfat.SYS 0x90C07000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x90DB3000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x90DC0000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x90DC7000 \SystemRoot\System32\Drivers\x10ufx2.sys 0x90DD1000 \SystemRoot\system32\drivers\RTSTOR.SYS 0x90DE4000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90879000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x90941000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys 0x90964000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x90DF1000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x9097B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x90983000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9098B000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x81A20000 \SystemRoot\System32\win32k.sys 0x90993000 \SystemRoot\System32\drivers\Dxapi.sys 0x9099D000 \SystemRoot\system32\DRIVERS\monitor.sys 0x81C40000 \SystemRoot\System32\TSDDD.dll 0x81C60000 \SystemRoot\System32\cdd.dll 0x81C70000 \SystemRoot\System32\ATMFD.DLL 0x909AC000 \SystemRoot\system32\drivers\luafv.sys 0x909C7000 \??\C:\Windows\system32\drivers\aswMonFlt.sys 0x8AD08000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8AFCE000 \??\C:\Windows\system32\drivers\BdFileSpy.sys 0x90DFA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0x8AD1D000 \SystemRoot\system32\drivers\spsys.sys 0x807EC000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA1A0C000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA1A36000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA1A40000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1A53000 \SystemRoot\system32\drivers\HTTP.sys 0xA1AC0000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA1ADD000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA1AF6000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA1B0B000 \SystemRoot\system32\drivers\mrxdav.sys 0xA1B2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA1B4B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA1B84000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA1B9C000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA5602000 \SystemRoot\System32\DRIVERS\srv.sys 0xA5668000 \SystemRoot\system32\drivers\peauth.sys 0xA5746000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA5750000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA575C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA5771000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA5783000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA5799000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA57A2000 \??\C:\Users\Terrence\AppData\Local\Temp\uglcrkob.sys 0x77570000 \Windows\System32\ntdll.dll Processes (total 89): 0 System Idle Process 4 System 512 C:\Windows\System32\smss.exe 668 csrss.exe 720 C:\Windows\System32\wininit.exe 728 csrss.exe 764 C:\Windows\System32\services.exe 796 C:\Windows\System32\lsass.exe 808 C:\Windows\System32\lsm.exe 944 C:\Windows\System32\svchost.exe 1032 C:\Program Files\Softex\OmniPass\OmniServ.exe 1088 C:\Windows\System32\winlogon.exe 1096 C:\Windows\System32\svchost.exe 1156 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe 1292 C:\Windows\System32\svchost.exe 1368 C:\Windows\System32\svchost.exe 1384 C:\Windows\System32\svchost.exe 1448 C:\Windows\System32\audiodg.exe 1472 C:\Windows\System32\svchost.exe 1488 C:\Windows\System32\SLsvc.exe 1544 C:\Windows\System32\svchost.exe 1756 C:\Windows\System32\svchost.exe 1988 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1556 C:\Windows\System32\spoolsv.exe 1704 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1736 C:\Windows\System32\svchost.exe 2220 C:\Windows\System32\taskeng.exe 2308 C:\Windows\System32\dwm.exe 2348 C:\Windows\explorer.exe 2492 C:\Windows\System32\agrsmsvc.exe 2528 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2544 C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe 2556 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2580 C:\Windows\System32\svchost.exe 2604 C:\Windows\System32\svchost.exe 2632 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe 2852 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2952 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe 2984 C:\Program Files\Softex\OmniPass\opvapp.exe 3156 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 3260 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 3344 C:\Windows\System32\svchost.exe 3440 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 3476 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 3500 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 3540 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe 3588 C:\Windows\System32\svchost.exe 3736 C:\Windows\System32\svchost.exe 3816 C:\Windows\System32\SearchIndexer.exe 3872 WUDFHost.exe 3904 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe 1688 C:\Windows\System32\taskeng.exe 2244 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2884 C:\Windows\System32\rundll32.exe 3024 C:\Windows\System32\rundll32.exe 3224 WmiPrvSE.exe 3972 C:\Windows\RtHDVCpl.exe 160 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 1116 C:\Program Files\Launch Manager\LaunchAp.exe 3176 C:\Program Files\Launch Manager\HotkeyApp.exe 2100 C:\Program Files\Launch Manager\OSD.exe 2104 C:\Program Files\Launch Manager\WButton.exe 3956 C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe 3400 C:\Program Files\DivX\DivX Update\DivXUpdate.exe 4124 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 4132 C:\Program Files\Microsoft Security Essentials\msseces.exe 4156 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 4164 C:\Program Files\Windows Sidebar\sidebar.exe 4172 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 4180 C:\Windows\ehome\ehtray.exe 4720 C:\Windows\ehome\ehmsas.exe 4892 C:\Windows\ehome\ehsched.exe 4916 C:\Program Files\Launch Manager\WisLMSvc.exe 5328 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 5460 C:\Windows\ehome\ehrecvr.exe 4432 C:\Windows\System32\conime.exe 4228 C:\Program Files\Internet Explorer\iexplore.exe 4052 C:\Program Files\Internet Explorer\iexplore.exe 3596 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe 3696 C:\Program Files\Internet Explorer\iexplore.exe 1456 C:\Windows\System32\taskeng.exe 5324 C:\Users\Terrence\Desktop\osam_autorun_manager_version_portable\osam.exe 5076 C:\Program Files\Internet Explorer\iexplore.exe 4800 C:\Windows\System32\SearchProtocolHost.exe 3000 C:\Windows\System32\SearchFilterHost.exe 5840 C:\Windows\System32\SearchProtocolHost.exe 1152 dllhost.exe 548 dllhost.exe 5408 C:\Users\Terrence\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`32e82000 (FAT32) PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
|
18.11.2010, 20:53
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ebenfalls Link über ICQ gesendet bekommen und geöffnet Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.11.2010, 09:15
| #13 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5147 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 20.11.2010 18:20:10 mbam-log-2010-11-20 (18-20-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 455025 Laufzeit: 2 Stunde(n), 16 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken. C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll.vir (Adware.WidgiToolbar) -> No action taken. SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 11/20/2010 at 07:34 PM Application Version : 4.45.1000 Core Rules Database Version : 5882 Trace Rules Database Version: 3694 Scan type : Complete Scan Total Scan Time : 01:12:27 Memory items scanned : 802 Memory threats detected : 0 Registry items scanned : 12184 Registry threats detected : 0 File items scanned : 46695 File threats detected : 53 Adware.Tracking Cookie C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\terrence@tradedoubler[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\terrence@content.yieldmanager[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.etracker[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@collective-media[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@specificclick[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad2.adfarm1.adition[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@zanox-affiliate[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad3.adfarm1.adition[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.usenext[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@vinvest.122.2o7[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@server.lon.liveperson[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.adition[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@content.yieldmanager[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@unitymedia[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.googleadservices[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.googleadservices[3].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.adnet[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@serving-sys[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@serving-sys[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.zanox-affiliate[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@tradedoubler[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.traffictrack[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@traffictrack[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@statse.webtrendslive[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@unitymedia.122.2o7[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@usenext[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@hansenet.122.2o7[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@advertising[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@mediaplex[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@doubleclick[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@imrworldwide[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ru4[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@webmasterplan[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@hasenet.122.2o7[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@tracking.dc-storm[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@invitemedia[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.yieldmanager[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@atdmt[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@liveperson[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.adc-serv[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@liveperson[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@bs.serving-sys[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@fastclick[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@bs.serving-sys[3].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.zanox[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@tracking.quisma[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@adtech[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@apmebf[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@adviva[1].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@www.unitymedia[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@adfarm1.adition[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@ad.ad-srv[2].txt C:\Users\Terrence\AppData\Roaming\Microsoft\Windows\Cookies\Low\terrence@zanox[2].txt |
|
22.11.2010, 11:47
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ebenfalls Link über ICQ gesendet bekommen und geöffnet Sieht ok aus, da wurden nur Reste und Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit? Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.11.2010, 09:04
| #15 |
| | ebenfalls Link über ICQ gesendet bekommen und geöffnet Das letzte MBAM Update ist von Donnerstag Abend, der Scan wurde Samstag durchgeführt. Da ich am Wochenende unterwegs war, hatte ich keinen Zugang zum Internet. Probleme konnte ich bisher keine feststellen, läuft alles wie immer. Besten Dank auf jedenfall für die Hilfe und Unterstützung. Gerne bin ich bereit, eine kleine Anerkennung auf das Spendenkonto von Trojaner-Board zu überweisen. Mit freundlichen Grüßen, Martin |
|
| Themen zu ebenfalls Link über ICQ gesendet bekommen und geöffnet |
| adware.widgitoolbar, anti-malware, beendet, bild, browser, computer, dateien, explorer, foren, forum, foto, helper, icq, internet, link, link angeklickt, log, malwarebytes, microsoft, nicht öffnen, pc infiziert, pdfforge toolbar, problem, programm, scan, seite, software, virus, öffnen |
