Pests of all kinds and how to fight them: Notebook completely out of control (BOO/Alureus.A ? ) Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
Notebook completely out of control (BOO/Alureus.A ? )

Edit: Damn, I made a typo in the title, the thing is called Alureon, not Alureus. Sorry.

Hi everyone, since yesterday my notebook has been completely out of control. It started when I was asked for TANs during online banking, whereupon I called the bank, and they confirmed that I have a trojan. (According to the bank's statistics, only among AVIRA AntiVir users like me.) The same day the internet connection drops started. I basically surf via my mobile phone, since I don't have a fixed DSL line yet. The following error message appears: hxxp://img52.imageshack.us/i/foto0207mh.jpg/ I took that picture a few minutes ago, but it happens quite often. After that I wanted to format the whole hard drive right away. That didn't work, because all of a sudden the DVD drive no longer exists. Neither in the Device Manager nor in the BIOS. Whether that is connected to the virus I don't know; you can have fleas and lice at the same time. Bad for me in any case, I can't boot from the DVD. I ran the DE Cleaner from botfrei.de; it did find something, but nothing got better. Unfortunately I didn't save its log file. So first I'm doing a virus scan with AntiVir. AntiVir also finds 3 hits (1: hxxp://img684.imageshack.us/i/foto0204gv.jpg/ 2: hxxp://img685.imageshack.us/i/foto0205e.jpg/ 3: hxxp://img263.imageshack.us/i/foto0206je.jpg/ ) So it does find the viruses, but it doesn't do anything about them. Here are the log files again: Antimalware: Quote:
OTL Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.10.2010 19:21:32 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Leo\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,56 Gb Total Space | 242,07 Gb Free Space | 86,90% Space Free | Partition Type: NTFS Drive D: | 19,52 Gb Total Space | 7,77 Gb Free Space | 39,82% Space Free | Partition Type: FAT32 Computer Name: LEONOTEBOOK | User Name: Leo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11A9DB66-A822-4F90-BB80-E02A6F57FB86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1904D3E2-4258-40D8-8FDE-F74C4574DCE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26E462F7-108E-4BEC-BAD1-B6F7EC5A1458}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{33986385-B22D-4014-B26A-6B741B41B369}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{371BD58D-38B5-428F-A9D0-B925F0FF1C42}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{45CC2A78-6E06-435A-8869-1ABFB88928DD}" = rport=139 | protocol=6 | dir=out | app=system | "{48456DAC-9EEE-480C-AFBD-F957CF628BEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{4DF4B45A-DCA5-48B8-8502-160C5837368F}" = lport=445 | protocol=6 | dir=in | app=system | "{5DCEC293-E506-4F70-8964-E509F0215B4A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6AB366C8-8FA8-4E5C-8FAB-D7839F2DAC27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6AFE8EEB-7EF6-4FF3-84BF-BF9C50AE49EF}" = rport=137 | protocol=17 | dir=out | app=system | "{712EF3C5-4F6F-44FD-AFAE-67A1F108CCDE}" = rport=445 | protocol=6 | dir=out | app=system | "{9C3C7DC4-6485-4768-AB43-37BEAC657764}" = lport=137 | protocol=17 | dir=in | app=system | "{9CB876B3-5280-4C81-A32C-D5260323C71B}" = lport=139 | protocol=6 | dir=in | app=system | "{A36FB50C-D348-4B13-96FA-3DC6446FC67D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEAC6C8A-61E4-4F15-950C-AD6C035A09F0}" = rport=138 | protocol=17 | dir=out | app=system | "{C2668D6E-DCD6-4C4A-A1EE-7B5979D95CE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C8CC713D-38B6-40B8-8422-4536F12AA14B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D273D0A8-ACD3-44DA-B068-978A6AF0AD4D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{E351AF0C-AEA5-437E-9962-6E917331BD17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FC1DFBE1-34BA-4B41-ADF5-76FC1D28E19E}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C4F7BA3-1721-4D14-8CBC-9B5020B9C77C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{0CE9AE29-9F86-4CFB-B863-E8336968E947}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{228BB5FA-C7B5-47DB-9CAB-8879A3A17794}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{3249C3D6-D5B7-4E1C-A8A1-9F17F6C1C055}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{3969621D-DAF7-4E89-B705-B0AC6D67BD2B}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{68B7F3F8-DD85-4AE9-9218-F6C72E44C1FC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{6A4C9DF7-4C0F-44CD-9F87-8ED74AA5F29C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{6C8FCA29-DB58-47B5-AAFC-55D69C364BB3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{75CA2251-CE22-4AC2-8F96-A550178E7777}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | "{7AC5BB4D-0D1F-4BE0-90F4-A0762A664DC7}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{7BAAB57C-AA7F-48C1-AD21-225E84E8461A}" = 
protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{823DC58C-6075-46EB-BD78-213F01F60CF4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{8D1ACB11-67CE-4018-852C-7544FF71FC83}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{91A2C974-C3CB-41DE-B830-1139ED6ADB77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{92E64610-EAB6-4411-838E-917C3C4D440D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{9CF2C0C3-BD79-4940-BD43-1F66FE914357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A90CDA92-5C52-4EDF-B1D8-E2FB02EF07A7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{B58995C5-E3EB-405E-8DA6-686CBF47E5FF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{C0177952-42DA-4DE2-9361-AEA4C0205FC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C1418938-F6C1-47D3-AAB6-64A0AB95F7CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C97899AE-4BC4-48EC-A97F-47D8975B87E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CD7C2849-DF5D-47B5-BD16-6DDC83F8D404}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D27F4399-6202-4432-ABB9-2AAB12E5B251}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D7FBA8D9-9132-4F18-B722-5A4739FFA43A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{DCF2D07B-4CBF-41BB-9DE0-585B28B42DE8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E07E2168-7181-440D-B6AD-702532431AE6}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | "{E3CFB2C6-ED06-47EF-9582-BC41C3B5BB1B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F5C03FFE-BC35-48CF-8437-9341C4DBE1DB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F5C0F062-000A-4326-BB87-D14313BF9D6D}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{FDE68C07-1FA6-4742-B5A1-10FAA0CF8EB1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "TCP Query User{13B43B26-596E-4D37-89FE-960D1B2EDBE8}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe | "TCP Query User{147F3A26-7E27-403B-8C74-3AE4DC4FC67D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{1DE01C3B-EE39-4F77-BEE2-F55B915EBBCF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{236EEBDE-7FCD-437F-A272-3433D4B38F0D}C:\spiele\hdro\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\hdro\lotroclient.exe | "TCP Query User{2926475B-E99B-4A22-916D-F84DE9E5680C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{490B9577-2E89-4AEB-871A-527ACBA306F0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{B76B8DCC-B345-4C89-87EC-C311CA526D1D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3D2852EA-E9E4-4F34-AAA5-5235355740C7}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | "UDP Query User{6CCFAB41-CC84-491C-AE93-74404EE27441}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{8E5DE080-8D09-4DB0-A30F-3A0D4A47CDC9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query 
User{A59FB511-E860-4ADB-B6A4-9613861304C6}C:\spiele\hdro\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\hdro\lotroclient.exe | "UDP Query User{C869BB15-9159-40C1-9E21-2112322FCB91}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E0D3E3D9-827A-4AED-8398-36B7623D5E12}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{F5D571C1-A7D9-488D-AF68-EBFD72BEF978}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = 
Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = 
Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft 
Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 
2007 (972581) "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 
3.1 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EAX Unified" = EAX Unified "FileZilla Client" = FileZilla Client "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = 
CyberLink PhotoNow "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "JDownloader" = JDownloader "Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MyFreeCodec" = MyFreeCodec "PandoraRecovery" = PandoraRecovery (Remove Only) "Port Royale 2" = Port Royale 2 "PS3 Media Server" = PS3 Media Server "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVWiz" = Intel(R) TV Wizard "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "QIP Infium" = QIP Infium 2.0.9032 RC4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.10.2010 12:43:06 | Computer Name = LeoNotebook | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 19.10.2010 12:44:29 | Computer Name = LeoNotebook | Source = EventSystem | ID = 4609 Description = Error - 19.10.2010 12:45:35 | Computer Name = LeoNotebook | Source = WinMgmt | ID = 10 Description = Error - 19.10.2010 12:47:39 | Computer Name = LeoNotebook | Source = WinMgmt | ID = 10 Description = Error - 19.10.2010 12:52:54 | Computer Name = LeoNotebook | Source = WinMgmt | ID = 10 Description = Error - 19.10.2010 13:00:34 | Computer Name = LeoNotebook | Source = Application Hang | ID = 1002 Description = Programm Load.exe, Version arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1064 Anfangszeit: 01cb6fae99b13265 Zeitpunkt der Beendigung: 8 Error - 19.10.2010 13:08:31 | Computer Name = LeoNotebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x0004714e, Prozess-ID 0x470, Anwendungsstartzeit 01cb6fadf48d1097. Error - 19.10.2010 13:08:39 | Computer Name = LeoNotebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung HotkeyApp.exe, Version, Zeitstempel 0x49df0760, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fbae, Prozess-ID 0x900, Anwendungsstartzeit 01cb6fadff96d955. Error - 19.10.2010 13:10:25 | Computer Name = LeoNotebook | Source = WinMgmt | ID = 10 Description = Error - 19.10.2010 13:19:23 | Computer Name = LeoNotebook | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 19.10.2010 12:55:05 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 19.10.2010 12:55:05 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 19.10.2010 12:55:35 | Computer Name = LeoNotebook | Source 
= vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 36 Invoked Function: URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 19.10.2010 12:55:45 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 19.10.2010 13:17:26 | Computer Name = LeoNotebook | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

[ Media Center Events ]
Error - 12.12.2009 14:03:23 | Computer Name = LeoNotebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 19.10.2010 12:45:35 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7001
Description =

Error - 19.10.2010 12:45:35 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7001
Description =

Error - 19.10.2010 12:47:39 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7000
Description =

Error - 19.10.2010 12:47:39 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7011
Description =

Error - 19.10.2010 12:52:02 | Computer Name = LeoNotebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.10.2010 um 18:50:41 unerwartet heruntergefahren.

Error - 19.10.2010 12:52:54 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7000
Description =

Error - 19.10.2010 12:52:54 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7011
Description =

Error - 19.10.2010 13:10:37 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7032
Description =

Error - 19.10.2010 13:19:24 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7011
Description =

Error - 19.10.2010 13:19:24 | Computer Name = LeoNotebook | Source = Service Control Manager | ID = 7000
Description =

< End of report >

----------------------------------------------------------

OTL

OTL Logfile:
Code:
OTL logfile created on: 19.10.2010 19:21:32 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Leo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 242,07 Gb Free Space | 86,90% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 7,77 Gb Free Space | 39,82% Space Free | Partition Type: FAT32

Computer Name: LEONOTEBOOK | User Name: Leo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Leo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\OSDCtrl.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Leo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (arcvad_ds2dhw) -- C:\Windows\System32\drivers\ArcVad.sys (ArcSoft, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/?cc=de&lang=de&nocookie=1"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.19 11:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.19 11:34:28 | 000,000,000 | ---D | M]

[2009.06.27 11:01:29 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\mozilla\Extensions
[2010.10.19 15:07:21 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions
[2010.10.09 12:38:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.27 16:12:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.31 16:59:31 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010.10.09 12:38:04 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010.09.02 16:16:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.19 15:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.09.02 19:35:01 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\mozilla\Firefox\Profiles\zllma419.default\extensions\foxyproxy@eric.h.jung
[2009.06.27 11:01:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.11 11:39:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.11 11:39:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.11 11:39:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.11 11:39:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.11 11:39:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.19 16:43:43 | 000,000,355 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{1180402a-f5fa-11de-a488-001f161dc241}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{13a27f54-628e-11de-96fe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13a27f54-628e-11de-96fe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{229351fc-901e-11de-bc69-001f161dc241}\Shell - "" = AutoRun
O33 - MountPoints2\{229351fc-901e-11de-bc69-001f161dc241}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{d1f90929-8cf9-11df-97cd-001f161dc241}\Shell - "" = AutoRun
O33 - MountPoints2\{d1f90929-8cf9-11df-97cd-001f161dc241}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{f0c51969-d7d3-11df-ae24-001f161dc241}\Shell - "" = AutoRun
O33 - MountPoints2\{f0c51969-d7d3-11df-ae24-001f161dc241}\Shell\AutoRun\command - "" = H:\ICM_ML.exe -- File not found
O33 - MountPoints2\{f2d47ff8-d5fb-11df-a83f-001f161dc241}\Shell - "" = AutoRun
O33 - MountPoints2\{f2d47ff8-d5fb-11df-a83f-001f161dc241}\Shell\AutoRun\command - "" = H:\ICM_ML.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.19 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\Malwarebytes
[2010.10.19 19:04:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.19 19:04:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.19 19:04:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.19 19:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.19 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\MFTools
[2010.10.19 18:42:41 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\Bereinigung
[2010.10.19 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.10.19 15:07:27 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\QuickScan
[2010.10.19 14:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.10.19 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Local\NPE
[2010.10.19 10:09:18 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\InstallShield
[2010.10.18 19:48:38 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.10.18 19:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010.10.17 18:56:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.16 13:01:15 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Local\Fallout3
[2010.10.16 13:01:07 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.10.16 12:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Bethesda Softworks
[2010.10.16 12:46:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.10.16 10:14:51 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\Avira
[2010.10.14 15:08:05 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 15:07:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 15:07:17 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 15:07:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 15:07:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 15:07:04 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 15:07:01 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 15:06:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.14 15:06:49 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 15:06:47 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 15:06:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.14 15:06:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 15:06:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 18:55:08 | 000,000,000 | ---D | C] -- C:\Users\Leo\Documents\ICQ
[2010.10.12 11:26:10 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.12 11:26:10 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.10 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\Leo\.dvdcss
[2010.10.10 14:37:16 | 000,000,000 | ---D | C] -- C:\Users\Leo\fontconfig
[2010.10.10 14:35:59 | 000,000,000 | ---D | C] -- C:\Programme\PS3 Media Server
[2010.10.10 13:59:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010.10.06 12:05:20 | 000,000,000 | ---D | C] -- C:\Uni
[2010.10.06 10:08:22 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\4411-012-41187-25154b7066115f11346d33f81bd8f8ca-Dateien
[2010.10.06 10:03:32 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\1803-001-39846-b95c55f6ef7f813cf0f571f6afe7176f-Dateien
[2010.09.29 10:48:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.19 19:21:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.10.19 19:18:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 19:18:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 19:18:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.19 19:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.19 19:18:07 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.19 19:17:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.19 19:14:34 | 000,669,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.19 19:14:34 | 000,629,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.19 19:14:34 | 000,145,158 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.19 19:14:34 | 000,119,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.19 19:04:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 18:58:50 | 000,286,404 | ---- | M] () -- C:\Users\Leo\Desktop\Gmer.zip
[2010.10.19 17:34:10 | 000,001,356 | ---- | M] () -- C:\Users\Leo\AppData\Local\d3d9caps.dat
[2010.10.19 16:46:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.19 16:43:43 | 000,000,355 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.19 15:17:20 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD4AE266-3B07-4DD6-BB9F-98D3B3F412BD}.job
[2010.10.19 09:34:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.10.19 09:34:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.10.17 13:59:17 | 000,018,189 | ---- | M] () -- C:\Users\Leo\Desktop\gmx kü.odt
[2010.10.17 13:59:01 | 000,065,042 | ---- | M] () -- C:\Users\Leo\Desktop\gmx kü.pdf
[2010.10.16 13:01:07 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.10.15 15:03:52 | 002,258,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 11:47:06 | 000,014,102 | ---- | M] () -- C:\Users\Leo\Desktop\Ausgaben.ods
[2010.10.10 14:36:09 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.10.10 14:01:54 | 000,032,768 | ---- | M] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.09 14:42:53 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.06 10:08:22 | 000,006,554 | ---- | M] () -- C:\Users\Leo\Desktop\4411-012-41187-25154b7066115f11346d33f81bd8f8ca.html
[2010.10.06 10:03:33 | 000,007,073 | ---- | M] () -- C:\Users\Leo\Desktop\1803-001-39846-b95c55f6ef7f813cf0f571f6afe7176f.html
[2010.10.05 21:36:55 | 000,460,913 | ---- | M] () -- C:\Users\Leo\Desktop\Fahrkarte Oktober.pdf
[2010.10.05 16:48:15 | 000,017,219 | ---- | M] () -- C:\Users\Leo\Desktop\Losverfahren.odt
[2010.10.03 17:07:46 | 000,067,987 | ---- | M] () -- C:\Users\Leo\Desktop\stundlnplan.pdf
[2010.10.03 16:58:34 | 001,975,423 | ---- | M] () -- C:\Users\Leo\Desktop\HalleNetzPlan.pdf
[2010.10.03 10:59:47 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.10.02 14:19:24 | 000,462,274 | ---- | M] () -- C:\Users\Leo\Desktop\Zugfahrt November.pdf
[2010.09.29 20:17:54 | 000,146,037 | ---- | M] () -- C:\Users\Leo\Desktop\joeys-speisekarte_f.pdf
[2010.09.24 20:05:31 | 000,016,039 | ---- | M] () -- C:\Users\Leo\Documents\Unbenannt 1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.19 19:04:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 18:58:44 | 000,286,404 | ---- | C] () -- C:\Users\Leo\Desktop\Gmer.zip
[2010.10.19 18:46:31 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.19 09:34:17 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.10.19 09:34:17 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.10.17 13:58:51 | 000,065,042 | ---- | C] () -- C:\Users\Leo\Desktop\gmx kü.pdf
[2010.10.17 13:50:53 | 000,018,189 | ---- | C] () -- C:\Users\Leo\Desktop\gmx kü.odt
[2010.10.10 14:36:09 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.10.09 14:42:53 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.06 10:08:22 | 000,006,554 | ---- | C] () -- C:\Users\Leo\Desktop\4411-012-41187-25154b7066115f11346d33f81bd8f8ca.html
[2010.10.06 10:03:32 | 000,007,073 | ---- | C] () -- C:\Users\Leo\Desktop\1803-001-39846-b95c55f6ef7f813cf0f571f6afe7176f.html
[2010.10.05 21:36:55 | 000,460,913 | ---- | C] () -- C:\Users\Leo\Desktop\Fahrkarte Oktober.pdf
[2010.10.03 18:18:35 | 000,001,356 | ---- | C] () -- C:\Users\Leo\AppData\Local\d3d9caps.dat
[2010.10.03 17:07:46 | 000,067,987 | ---- | C] () -- C:\Users\Leo\Desktop\stundlnplan.pdf
[2010.10.03 16:58:34 | 001,975,423 | ---- | C] () -- C:\Users\Leo\Desktop\HalleNetzPlan.pdf
[2010.10.03 10:59:47 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.10.02 14:19:24 | 000,462,274 | ---- | C] () -- C:\Users\Leo\Desktop\Zugfahrt November.pdf
[2010.09.29 21:03:37 | 000,014,102 | ---- | C] () -- C:\Users\Leo\Desktop\Ausgaben.ods
[2010.09.29 20:17:52 | 000,146,037 | ---- | C] () -- C:\Users\Leo\Desktop\joeys-speisekarte_f.pdf
[2010.09.24 20:05:29 | 000,016,039 | ---- | C] () -- C:\Users\Leo\Documents\Unbenannt 1.odt
[2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.07.05 22:06:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.05 22:06:25 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.12 12:07:41 | 000,000,091 | ---- | C] () -- C:\Users\Leo\AppData\Local\fusioncache.dat
[2009.11.13 00:12:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.13 00:12:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.18 20:25:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.24 09:35:48 | 000,032,768 | ---- | C] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.23 21:49:01 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.19 10:26:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.27 15:52:05 | 000,000,000 | ---- | C] () -- C:\Users\Leo\AppData\Roaming\wklnhst.dat
[2009.05.08 13:15:59 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2009.05.08 13:08:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.05.05 03:56:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.06.27 08:00:00 | 011,206,656 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009.09.30 14:35:41 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\Ascaron Entertainment
[2009.08.23 22:36:17 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\com.adobe.ExMan
[2010.07.11 16:41:31 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\DAEMON Tools Lite
[2010.05.25 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\FileZilla
[2009.12.12 12:50:30 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\GetRightToGo
[2010.10.19 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\ICQ
[2010.07.11 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\LucasArts
[2009.10.18 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\OpenOffice.org
[2009.08.30 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\PandoraRecovery
[2009.06.27 11:34:32 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\QIP
[2010.10.19 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\QuickScan
[2010.10.12 14:29:58 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\Samsung
[2009.06.27 15:52:29 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\Template
[2009.12.12 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\Leo\AppData\Roaming\Turbine
[2010.10.19 19:17:26 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.19 15:17:20 | 000,000,414 | -H-- | M] () --
C:\Windows\Tasks\User_Feed_Synchronization-{DD4AE266-3B07-4DD6-BB9F-98D3B3F412BD}.job ========== Purity Check ========== < End of report > ---------------------------------------------------------- Und weils so schön ist, gibts den Antivir log vom Virenscan, den ich gerade nochmal gemacht hab. Zitat:
So, I think that's reasonably clearly structured now. I'm completely at a loss; does anyone have an idea what I can do? Last edited by KaeptnKnarz (19.10.2010 at 19:11)
Are there any other Malwarebytes logs? If so, please post all of them. If not, please run a full scan with Malwarebytes and post its log.
Notebook völlig Ausserkontrolle (BOO/Alureus.A ? )
This morning the drive was back, oO. I went ahead and formatted the whole machine.
Is there any way to find out where the virus came from? The only things I did on the day it started were, first, download an (official) patch for Fallout 3 and, second, connect my phone to my notebook via USB to use the phone as a UMTS stick. Could the phone be to blame? If so, how do I check that without the virus crippling the whole machine again? I've now installed avast! Antivirus in the free version; is that enough? Maybe add Spybot Search & Destroy and a firewall as well? Thanks a lot for the help, by the way.
/// Winkelfunktion /// (TB-Süch-Tiger™)
Notebook völlig Ausserkontrolle (BOO/Alureus.A ? )
Quote:
Please always post logfiles in CODE tags.
