óla Community.
Nun habe ich nach langem suchen doch ein Thema eröffnet. Bis jetzt ist es für mich hier noch etwas unübersichtlich.
Bitte weist mich darauf hin, wenn ich absolut Müll baue durch falsches Posten im falschen Unterforum!
/Edit: Sorry, aber ich bekomme leider weder durch löschen der [Url] noch durch den Button am obrigen Fenster der die URL auflößt die URL weg.

On Topic

Google unter Vista/Mozilla Firefox verlinkt Falsch. Derzeit 2 Seiten. Eine davon ist Ebay.

Nachdem ich mich über Google informiert hatte, was das Problem sei, habe ich mir vorgenommen hier um Rat zu beten. Denn:

"Das Problem soll eine IP. aus der Ukraine sein (Trojaner), welche immense Probleme bereiten kann, wenn man z.B. Homebanking tätigt etc."
Es wurde sogar manchem empfohlen, das System neu zu Installieren. Wobei ich davor etwas Panik habe, da ich viel Data auf dem Rechner habe, die mir sehr am Herzen liegt. Darunter viele Ausarbeitungen und Photographien.

Ich würde mich um Hilfe und eine Lösung des Problems sehr freuen!

Hier mal meine Hijack.log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:09, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svchost] C:\Windows\svchost.exe
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7342 bytes

Re:

Gerade lasse ich Antivir durchlaufen und habe mir STOPzilla herunter geladen, was parallel läuft.

Mit Antivir habe ich gerade diese Meldung bekommen:

Virus/Unerwünschtes Programm: C:\fixwareout\fundt\nircmd.exe
Enthält Erkennungsmuster der Anwendung APPL/NIRCDM.2

was hat das zu bedeuten?

/edit: Okay. Fixwareout scheint eine normale Anwendung zu sein.
Hoffe jmnd. ist so freundlich sich mir anzunehmen. Meine Amateurhafte Forscherei dauert ewig und bringt nichts

Okay.
STOPzilla ist nicht zu empfehlen, da man sich registrieren muss, was geld kostet, um die gefundene Bad-Data zu removen!

Jedoch zeigt STOPzilla nach Suchverlauf (der ewig dauert!) alle Bad-Data und dessen Pfad an. Wobei ich nicht weiß, ob ich diese manuell entfernen kann. Ich lasse gerade noch einmal davon ab, und habe Prevx 3.0 genutzt, was im gegensatz zu STOPzilla (42) nur 9 infizierte Dateien gefunden hat.
Außerdem will Pevx 3.0 auch eine Registration
Als nächstes lasse ich noch SPYBOT - Searc and Destroy durchlaufen. Hoffe es hilft! Werde berichten!



SPYBOT Search and Destroy ist freeware und sauber!
Habe es durchlaufen lassen. Dieses Programm hatte ein mittleres Ergebnis von 23 infizierten Data. welche gleich behoben werden können.
Außerdem erstellt Spybot nach Anfrage auf Wunsch eine Kopie der Registry, fals etwas fehl laufen sollte, wie z.B. das löschen falschter Data.

Ich hoffe mein Google-Prob. ist dadurch ggf. gelößt. Ich sende eine neue HijackThis.log und erhoffe mir trotz meiner eigenen bemühungen noch eine Rückmeldung von jmnd. der mehr bewandert ist als ich!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:44, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SpybotDeletingA4375] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3095] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1040] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1399] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5812] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3068] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1885] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6062] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2133] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC27] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9528] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9573] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6731] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC94] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6153] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD793] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8993] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD424] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8097] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1671] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9959] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6074] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8594] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1399] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6468] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3411] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9983] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5483] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9929 bytes

Ich führe hier über den Tag hin ein Thema ganz allein für mich ^^
Nunja.

Ich möchte sagen, das Spybot - Search and Destroy (bis jetzt) erfolgreich meinen Rechner von dem Google-link problem bereinigt hat.
Daher meine erste Empfehlung.
Natürlich muss ich das im Verlauf weiter hin beobachten, da vlt. nicht alles gefunden worde sein muss. Jedoch ist es jetzt schon mal besser.
Für Ratschläge und weiteren Tipps bin ich gerne offen!
Denn jetzt geht es daran herauszufinden, woher ich diese Trojaner bzw. Spyware hatte und wie ich mich dagegen besser schützen kann.

Hallo und

Du hast da einen fiesen Rootkit und eines kann Spybot ganz sicher nicht: Ihn entfernen.

1.) Poste bitte beide Logs von RSIT => http://www.trojaner-board.de/74910-a...tion-tool.html

2.) http://www.trojaner-board.de/51187-a...i-malware.html

3.) http://www.trojaner-board.de/51871-a...tispyware.html (Punkt 1-3 der Anleitung)

ciao, andreas

RSIT.log (Teil 1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Solced at 2009-07-21 19:50:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 22 GB (19%) free of 113 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:28, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Solced.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6932 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Users\Solced\Desktop\MegaIEMn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=REM C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE []
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-05-23 262401]
"SynTPStart"=REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"SynTPEnh"=REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-13 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-13 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun []
"TOSCDSPD"=TOSCDSPD.EXE []
"Speech Recognition"=REM C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"msnmsgr"=REM C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Nokia.PCSync"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []
"PC Suite Tray"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray []
"AlcoholAutomount"=D:\Programme 2\Alcohol 120\axcmd.exe /automount []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Aufgabenstarter]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Secure D Zone]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Shredder4]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
REM C:\Windows\ehome\ehTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
REM C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
REM C:\Program Files\TOSHIBA\Utilities\KeNotify.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-11-13 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
C:\Program Files\Protector Suite QL\launcher.exe [2006-12-03 49168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-05-23 509496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
REM C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toscdspd]
TOSCDSPD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2006-12-03 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

RSIT.log (Teil 2)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispSettingsPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{526aa56e-ceb2-11dd-9010-0013e84a5a5b}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53aa4179-081a-11de-9933-0013e84a5a5b}]
shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5593cbb6-cfa7-11dd-a447-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efa96f5-d106-11dd-aad6-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ba87a77-076f-11de-b65d-0013e84a5a5b}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ba87a7c-076f-11de-b65d-0013e84a5a5b}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bddc0d9-3c63-11de-93b2-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run


======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2009-07-21 19:48:21 ----D---- C:\rsit
2009-07-21 16:51:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-21 16:51:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-21 16:49:12 ----D---- C:\Program Files\Prevx
2009-07-21 16:49:09 ----D---- C:\ProgramData\PrevxCSI
2009-07-21 16:49:08 ----A---- C:\Windows\wininit.ini
2009-07-21 15:17:03 ----D---- C:\ProgramData\SITEguard
2009-07-21 15:16:34 ----D---- C:\ProgramData\STOPzilla!
2009-07-21 15:16:34 ----D---- C:\Program Files\Common Files\iS3
2009-07-11 19:01:07 ----A---- C:\Windows\system32\mshtml.dll
2009-07-11 19:01:05 ----A---- C:\Windows\system32\ieframe.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\wininet.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\urlmon.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\iertutil.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\occache.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\mstime.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieencode.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-11 19:01:02 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-11 18:56:58 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-11 16:16:00 ----D---- C:\ProgramData\TrackMania
2009-06-27 14:13:53 ----D---- C:\Program Files\Sierra On-Line
2009-06-27 14:09:51 ----D---- C:\Sierra
2009-06-26 16:50:22 ----D---- C:\Program Files\Valve

======List of files/folders modified in the last 1 months======

2009-07-21 19:42:09 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 19:21:00 ----A---- C:\Windows\ntbtlog.txt
2009-07-21 18:49:08 ----D---- C:\Windows\Temp
2009-07-21 18:49:01 ----D---- C:\Windows\System32
2009-07-21 18:47:37 ----D---- C:\Windows\registration
2009-07-21 17:14:24 ----D---- C:\RECYCLER
2009-07-21 16:56:17 ----SHD---- C:\Windows\Installer
2009-07-21 16:56:17 ----RD---- C:\Program Files
2009-07-21 16:56:17 ----HD---- C:\Config.Msi
2009-07-21 16:56:17 ----D---- C:\Windows\system32\drivers
2009-07-21 16:51:15 ----HD---- C:\ProgramData
2009-07-21 16:49:08 ----D---- C:\Windows
2009-07-21 15:20:46 ----D---- C:\Program Files\Common Files
2009-07-21 15:14:48 ----AD---- C:\ProgramData\TEMP
2009-07-21 15:14:47 ----D---- C:\Windows\Prefetch
2009-07-21 13:25:12 ----A---- C:\Windows\NeroDigital.ini
2009-07-20 21:04:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-20 21:04:40 ----D---- C:\Windows\inf
2009-07-11 19:10:01 ----D---- C:\Program Files\Internet Explorer
2009-07-11 19:02:03 ----D---- C:\Windows\winsxs
2009-07-11 19:01:50 ----D---- C:\Windows\system32\catroot
2009-07-11 18:59:41 ----D---- C:\Windows\system32\catroot2
2009-07-11 11:01:18 ----D---- C:\Windows\Minidump
2009-07-04 12:56:09 ----D---- C:\Users\AppData\Roaming\Xfire
2009-07-03 21:34:47 ----D---- C:\Program Files\Common Files\Steam
2009-07-03 21:29:52 ----D---- C:\ProgramData\Xfire
2009-06-28 22:22:09 ----D---- C:\Program Files\Full Tilt Poker
2009-06-27 14:46:43 ----A---- C:\Windows\SIERRA.INI
2009-06-26 20:34:28 ----D---- C:\Users\AppData\Roaming\Skype
2009-06-26 18:45:27 ----D---- C:\Users\AppData\Roaming\skypePM
2009-06-26 16:56:39 ----SD---- C:\Users\AppData\Roaming\Microsoft
2009-06-25 21:52:27 ----D---- C:\Users\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-05-23 79424]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2008-05-23 21248]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-01-20 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-01-20 25416]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-23 49472]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-13 7610592]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-03 199600]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2006-12-03 39056]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-01-04 70001]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-07 101504]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver; C:\Windows\System32\Drivers\tascusb2.sys [2007-12-18 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device; C:\Windows\system32\drivers\tscusb2m.sys [2007-12-18 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM; C:\Windows\system32\drivers\tscusb2a.sys [2007-12-18 33792]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 Tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2freeAeLookupSvc;a-squared Free Service a2freeAeLookupSvc; C:\Windows\TEMP\qpimqqxtbn.exe [2009-07-06 23552]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-05-23 147201]
R2 AppHostSvc;Anwendungshost-Hilfsdienst; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-01 196608]
R2 SecureDZoneService;SecureDZone Helper Service; C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [2008-04-08 531968]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
R2 WAS;Windows-Prozessaktivierungsdienst; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-05-23 68865]
S3 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
S3 NetMsmqActivator;Net.Msmq-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NetPipeActivator;Net.Pipe-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NetTcpActivator;Net.Tcp-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NtmsSvc;Wechselmedien; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-03 316664]
S3 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-04-27 114688]
S3 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
S3 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-05-23 587384]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-07-21 4368952]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

RSIT.info (Teil 1.)


Computer Name: Mein-PC
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 182586
Source Name: Microsoft-Windows-TBS
Time Written: 20090721165107.930753-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Mein-PC
Event Code: 10029
Message: DCOM hat den Dienst BITS mit den Argumenten "" gestartet, um den Server auszuführen:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 182587
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090721165154.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "Intelligenter Hintergrundübertragungsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 182588
Source Name: Service Control Manager
Time Written: 20090721165155.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 182589
Source Name: Service Control Manager
Time Written: 20090721170541.000000-000
Event Type: Informationen
User:

RSIT.info (Teil 2.)


=====Application event log=====

Computer Name: Mein-PC
Event Code: 103
Message: WinMail (4028) WindowsMail0: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 47797
Source Name: ESENT
Time Written: 20090721171215.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: VOLUME ARRIVAL
Record Number: 47798
Source Name: VMCService
Time Written: 20090721172100.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: INFO: dom=<MEIN-PC>; usr=<SOLCED>
Record Number: 47799
Source Name: VMCService
Time Written: 20090721172101.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: SEND: id=3168; type=DeviceEventVolume
Record Number: 47800
Source Name: VMCService
Time Written: 20090721172101.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: VOLUME REMOVAL
Record Number: 47801
Source Name: VMCService
Time Written: 20090721172135.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.513153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.549153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73983
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.584153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73984
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.621153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73985
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.658153-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0a
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"DEVMGR_SHOW_DETAILS"=1

-----------------EOF-----------------

Hi @ john.doe

ich danke dir sehr für deine ausgiebige Hilfsbereitschaft!
Aber etwas skeptisch soviel Daten preis zu geben, bin ich schon ^^
Darf ich sie nach Lösung des Problems jmnd. zum löschen vormerken lassen?

Zitat:

Darf ich sie nach Lösung des Problems jmnd. zum löschen vormerken lassen?

Klar, musst dich allerdings an die Moderatoren wenden, nur die können löschen.

Zitat:

Aber etwas skeptisch soviel Daten preis zu geben, bin ich schon

Du musst hier überhaupt nichts preisgeben, aber wenn du Hilfe möchtest, dann brauchen wir genügend Informationen, um helfen zu können.

Du gehst doch nicht zum Arzt und sagst, nein, so genau sollen sie mich nicht untersuchen, aber heilen sollen sie mich schon?

Es fehlt noch der obere Teil der info.txt. Wir brauchen die Softwareliste um auf Aktualität und schädlichen Programmen zu suchen.

ciao, andreas

Ging davon aus, das RSIT.info TEIL 1 der obere teil ist. habe ihn eigentlich ab oben kopiert. Mach es aber gerne nochmal. lasse aber gerade noch Malwarebytes durchlaufen. RSIT zeigt die info.txt. nicht an wenn es im hintergrund läuft. deswegen hoffe ich das Malwarebytes schnellstens durch ist

Du kannst ihn jederzeit aufrufen, auch wenn MBAM läuft.

Start => Ausführen => c:\rsit\info.txt => OK

ciao, andreas

Ich danke dir von herzen für deine schnellen Antworten und Hilfen, Andreas.
Hier ist der Rest der RSIT.info.


/Edit: Die Log./Info. txt. von SUPERAntiSpyware erübrigt sich, ja?
Kann ich SuperAntiSpy mit Malwarebytes zugleich laufen lassen?

RSIT.info (Teil 0.1)

info.txt logfile of random's system information tool 1.06 2009-07-21 19:48:33

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveNote -->"C:\Program Files\ActiveNote 4.01\anote.exe" /deinst
ActiveNote 4.01-->C:\Program Files\ActiveNote 4.01\Uninst.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.5 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
ArchiCrypt Shredder Version 4.4.5.6039-->"C:\Program Files\ArchiCrypt\Shredder 4\unins000.exe"
Ashampoo WinOptimizer 4.51-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
Autostart-Manager 2006-->MsiExec.exe /I{3B11379A-9196-4228-981A-BB255E13109E}
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Monitor 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\setup.exe" -l0x9 -removeonly
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
CBL Daten-Shredder-->MsiExec.exe /I{560E96B3-356D-4572-9FE3-B44F9AB92622}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7
Cobra 11 - Crash Time (remove only)-->"C:\Program Files\Cobra 11 - Crash Time\Uninstall.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
DataRecovery-->C:\Program Files\DataRecovery\Uninst.exe
Day of Defeat-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/30
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x7 /zU -removeonly
Fiesta Online(EU_German) 1.02.004-->C:\Program Files\Gamigo Games\Fiesta Online(EU_German)\uninst.exe
Fraps-->"D:\Programme 2\Fraps\uninstall.exe"
Free Video Converter V 2.0-->"C:\Program Files\Free Video Converter\unins000.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Gothic 3 Gametool 3.0.2 Rev. 89-->"C:\Program Files\JoWooD\Gothic 3 Gametool\unins000.exe"
Gothic II-->C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
Gothic III - Götterdämmerung 1.0.7 Patch-->MsiExec.exe /I{A4ED5256-CF3F-4DEA-9101-E2C87545478B}
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kalender 2.1-->C:\Program Files\Kalender\Uninstal.exe
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)-->C:\Program Files\MAGIX\Xtreme_Foto_Designer_6\instslct.exe
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_ger.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Prevx 3.0-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
ScummVM 0.13.0-->"C:\Program Files\ScummVM\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Syncrosoft Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TrackMania Nations Forever-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/11020
US-122L / US-144 driver-->C:\Windows\usb-audio.deTascam\Setup.exe /l0
Vampire - The Masquerade Bloodlines-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C4E2A4A7-B623-40CB-8EEA-72F577E49D56} /l1031
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Xfire (remove only)-->"D:\Programme 2\Xfire\uninst.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe [2007-09-17]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) [2007-09-17]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) [2007-09-17]
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba...//www.ebay.de/ (file missing) [2007-09-17]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab [2007-09-17]
O13 - Gopher Prefix: [2007-09-23]
O9 - Extra button: (no name) - AutorunsDisabled - (no file) [2008-01-12]
O3 - Toolbar: &Browser Radio - {55E52620-3354-4C57-A179-62D5500A01E4} - browserradio.dll (file missing) [2008-01-12]
O3 - Toolbar: &RadioJockey.NET Radiotoolbar - {DFE52DAF-0CD2-4227-BB56-37564E637861}} - brard.DLL (file missing) [2008-01-12]
O3 - Toolbar: (no name) - {DFE52DAF-0CD2-4227-BB56-37564E637861} - (no file) [2008-01-12]
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) [2008-01-24]
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') [2008-02-16]
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) [2008-02-16]
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') [2008-02-16]
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-03-01]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-03-01]
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-04-02]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-04-10]

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Avira AntiVir PersonalEdition
AS: Windows-Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 182585
Source Name: Service Control Manager
Time Written: 20090721165109.000000-000
Event Type: Informationen
User:

Beginnen wir mit der Deinstallationsorgie.

1.) Deinstalliere:

• Adobe Flash Player 10 Plugin (veraltet)
• Adobe Flash Player ActiveX (veraltet)
• Adobe Reader 8.1.5 (veraltet)
• Adobe Shockwave Player (veraltet)
• a-squared Free 3.0 (taugt nicht)
• Java(TM) 6 Update 4 (veraltet)
• Java(TM) SE Runtime Environment 6 (veraltet)
• Mozilla Firefox (3.0.11) (veraltet)
• Mozilla Sunbird (0.7) (veraltet)
• Skype™ 3.8 (veraltet)
• Spybot - Search & Destroy (Schrott)
• VideoLAN VLC media player 0.8.6e (veraltet)

2.) Download und Ausführung des Norton-Entfernungsprogramms (nur Schritt 1+2 )

3.) Installiere (Toolbars immer abwählen, Haken weg):

• Adobe Reader oder besser FoxIt Reader
• Adobe - Adobe Flash Player
• Java-Downloads für alle Betriebssysteme - Sun Microsystems
• Skype herunterladen und kostenlose Skype-to-Skype Telefonate führen
• Mozilla Sunbird und Lightning [DE] - Downloads
• Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe
• VLC media player - Overview oder besser KMPlayer

ciao, andreas