Pests of all kinds and how to combat them: winlogon
Windows 7
winlogon
Hello, I have been trying for 2 days now to "repair" my Winlogon.exe. I use AVG, and it reports this file as infected. I have also scanned it with Jotti; 7 of 19 detected it as infected. I have also tried sfc and killbox; both failed. Please help, I want to avoid a reinstall. Thanks
/// Winkelfunktion /// TB-Süch-Tiger™
winlogon
Hello and
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with a right-click and "Run as administrator".
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
winlogon
Hi,
attached, Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5064
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
07.11.2010 02:01:21
mbam-log-2010-11-07 (02-01-21).txt
Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 476982
Time elapsed: 59 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
winlogon
And OTL:
OTL Logfile:
Code:
C:\WINDOWS\System32\AVSredirect.dll | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009.03.28 23:40:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\MSBII.dll [2009.03.28 23:36:14 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2009.03.28 23:36:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2009.03.28 23:36:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\WKAuxil.dll [2009.03.28 23:36:10 | 003,782,416 | ---- | C] () -- C:\WINDOWS\System32\mso97.dll [2009.03.28 23:25:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\asdrawim.ini [2009.03.06 19:04:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2009.03.06 16:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.03.06 16:05:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX585DEFGIPS.ini [2009.01.18 14:46:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2009.01.17 23:47:35 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mix-fx.ini [2009.01.11 13:13:35 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2009.01.10 20:44:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.07 12:28:01 | 000,037,275 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009.01.06 17:22:57 | 000,145,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.01.05 16:24:14 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.05 11:41:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.01.05 11:41:24 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.01.03 01:18:29 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.01.02 23:25:39 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2009.01.02 22:40:57 | 000,004,161 | ---- | C] () -- 
C:\WINDOWS\ODBCINST.INI [2009.01.02 22:15:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009.01.02 22:15:42 | 000,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.01.02 22:15:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.10.25 17:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2005.08.23 10:59:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\aspolyzt.dll [2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\asdrawli.dll [2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ASDRAWMA.DLL [2005.06.10 08:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll [2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AS_SORT.DLL [2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\ASDRAW32.DLL [2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AS_MDB32.DLL [1999.11.08 15:55:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\S7oformx.dll [1999.07.16 14:37:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\TDCTRL.dll [1996.12.19 15:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL [1996.12.19 15:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 < End of report > |
OTL Extras logfile created on: 07.11.2010 02:03:36 - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Martin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 501,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 97,65 Gb Total Space | 63,00 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 59,54 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 97,51 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
Computer Name: +++ | User Name: +++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htafile [open] -- "%1" %* htmlfile [edit] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\Program\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "E:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "E:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "E:\Program\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "4547:TCP" = 4547:TCP:*:Enabled:krtyhd "4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Games\Crytek\Crysis\Bin32\Crysis.exe" = E:\Games\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- File not found "E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- File not found "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "E:\Program\BitTorrent\bittorrent.exe" = E:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "E:\Games\PRO\pes2009.exe" = E:\Games\PRO\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found "E:\Program\AVG\AVG8\avgemc.exe" = E:\Program\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found "E:\Program\AVG\AVG8\avgupd.exe" = E:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found "E:\TerraTec\CinergyDvrHelper.exe" = E:\TerraTec\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found "E:\TerraTec\tvtvSetup\tvtv_Wizard.exe" = E:\TerraTec\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- File not found "E:\TerraTec\CinergyDvr.exe" = E:\TerraTec\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- File not found "E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe" = E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update -- File not found "E:\Program Files\Orbitdownloader\orbitdm.exe" = E:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "E:\Program Files\Orbitdownloader\orbitnet.exe" = E:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Documents and Settings\Martin\Desktop\PIC675799074533-JPG-www.facebook.com.exe" = 
C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static "{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011 "{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server 
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2b95ad22-c41a-4517-b9dc-d4ff98faeb8a}" = Nero 9 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime 
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU "{519F53E5-2A88-41CC-B728-64F8202DDA4D}" = OpenOffice.org 3.1 Language Pack (German) "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS 
Writer "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{62D917DF-16DE-4383-9239-8C8BA06EB829}" = OpenOffice.org 3.1 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu "{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86 "{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY "{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera "{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 
3.5 Language Pack - csy "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{7F2120EB-3337-45DC-B5C3-D4DED4F0A0BA}" = SIMATIC STEP 7 V5.4 + SP4 Professional 2006 SR5 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8709DD83-A73F-46F8-BCA1-234A7E04D82C}" = Siemens Automation License Manager V4.0 "{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F139DE-C33E-4FCC-A72B-684BF899F679}" = SIMATIC S7-SCL V5.3 + SP5 Professional 2006 SR5 "{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011 "{99484975-321E-495B-8171-2797B82392DD}" = inode FTP "{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9EFA7323-47A0-48E2-8F77-35DB5EED500A}" = SpyHunter "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073 "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3C2952E-B9E6-4C3E-A1B3-8087654A15F4}" = SIMATIC S7-PLCSIM V5.4 + SP2 Professional 2006 SR5 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter 
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}" = SIMATIC S7-GRAPH V5.3 + SP6 Professional 2006 SR5 "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing "{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation 
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD "3DWunschhausPlusVA.Exe" = 3D Wunschhaus Architekt 5.0 Plus "7-Zip" = 7-Zip 4.63 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection "AnyDVD" = AnyDVD "ATI Display Driver" = ATI Display Driver "AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner "AVG" = AVG 2011 "BitTorrent" = BitTorrent "CCleaner" = CCleaner "Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum "Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Direktfotosystem2_is1" = Direkt Foto System 3.x "DivX Setup.divx.com" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "EAGLE 5.4.0" = EAGLE 5.4.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus Photo RX585_RX610 Benutzerhandbuch" = EPSON Stylus Photo RX585_RX610 Handbuch "Flash Saving Plugin" = Flash Saving Plugin "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "inode FTP" = inode FTP "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email 
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notepad++" = Notepad++ "Orbit_is1" = Orbit Downloader "Picasa 3" = Picasa 3 "PRJPRO" = Microsoft Office Project Professional 2007 "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "Streamripper" = Streamripper (Remove only) "TrySim" = TrySim "Unlocker" = Unlocker 1.9.0 "VISPRO" = Microsoft Office Visio Professional 2007 "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.1.3 "Winamp" = Winamp "WinAVR-20100110" = 
WinAVR 20100110 (remove only) "Windows XP Service Pack" = Windows XP Service Pack 3 "Wubi" = Ubuntu "xp-AntiSpy" = xp-AntiSpy 3.96-4 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.11.2010 11:02:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 05.11.2010 11:05:44 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 05.11.2010 16:26:41 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 05.11.2010 16:29:51 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 05.11.2010 16:49:26 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . 
Error - 05.11.2010 17:43:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 06.11.2010 04:06:34 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 06.11.2010 10:32:55 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 06.11.2010 18:32:29 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . Error - 06.11.2010 18:46:03 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18 Description = API = Socket Server couldn't be started., os error code = 1460, os message = This operation returned because the timeout period expired. . [ OSession Events ] Error - 11.01.2010 18:30:15 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12439 seconds with 8580 seconds of active time. This session ended with a crash. Error - 11.01.2010 18:30:36 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. 
This session ended with a crash. Error - 11.01.2010 18:31:14 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.01.2010 18:31:30 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.05.2010 10:59:49 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 06.11.2010 18:46:06 | Computer Name = KYLE | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Microsoft Config service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Server Image service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Boot Security service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Microsoft Helper service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Windows Boot service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The dujxlx service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023 Description = The Server Task service terminated with the following error: %%126 Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7024 Description = The Automation License Manager Service service terminated with service-specific error 1460 (0x5B4). < End of report > |
That was the first log file: Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4950 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 26.10.2010 12:02:48 mbam-log-2010-10-26 (12-02-48).txt Scan type: Quick scan Objects scanned: 177991 Time elapsed: 6 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
Close all programs, start OTL, and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
:OTL
SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (scinetu) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (oruqjr) -- C:\Program Files\Movie Maker\hqhakc.dll File not found
SRV - (oqimg) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (mlkynlqkb) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (eqkfl) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (bmljcgc) -- C:\WINDOWS\System32\hqhakc.dll File not found
DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\Shell\AutoRun\command - "" = K:\SamsungSoftware\APPInst.exe -- File not found
[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.09.02 14:19:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.09.02 14:19:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.09.02 14:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
:Files
C:\WINDOWS\tasks\At*.job
C:\Program Files\Movie Maker\hqhakc.dll
C:\WINDOWS\System32\hqhakc.dll
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags
Hi, attached is the new report. May I just ask what was done here? Thanks All processes killed ========== OTL ========== Service toogmft stopped successfully! Service toogmft deleted successfully! Service bmljcgc stopped successfully! Service bmljcgc deleted successfully! File C:\WINDOWS\System32\hqhakc.dll File not found not found. Service xltsaaqhvemjujj stopped successfully! Service xltsaaqhvemjujj deleted successfully! C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found. File J:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found. File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found. File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3ca953-2d55-11df-9a46-002354091e0f}\ not found. File K:\SamsungSoftware\APPInst.exe not found. File C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys not found. C:\bar.emf moved successfully. C:\WINDOWS\system32\sysprs7.dll moved successfully. C:\WINDOWS\system32\clauth2.dll moved successfully. C:\WINDOWS\system32\clauth1.dll moved successfully. C:\WINDOWS\system32\lsprst7.dll moved successfully. C:\WINDOWS\system32\ssprs.dll moved successfully. C:\WINDOWS\SurCode.INI moved successfully. ADS C:\WINDOWS:41484591AEF3A391 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 deleted successfully. ========== FILES ========== C:\WINDOWS\tasks\At1.job moved successfully. C:\WINDOWS\tasks\At10.job moved successfully. C:\WINDOWS\tasks\At11.job moved successfully. C:\WINDOWS\tasks\At12.job moved successfully. C:\WINDOWS\tasks\At13.job moved successfully. C:\WINDOWS\tasks\At14.job moved successfully. C:\WINDOWS\tasks\At15.job moved successfully. C:\WINDOWS\tasks\At16.job moved successfully. C:\WINDOWS\tasks\At17.job moved successfully. C:\WINDOWS\tasks\At18.job moved successfully. C:\WINDOWS\tasks\At19.job moved successfully. C:\WINDOWS\tasks\At2.job moved successfully. C:\WINDOWS\tasks\At20.job moved successfully. C:\WINDOWS\tasks\At21.job moved successfully. C:\WINDOWS\tasks\At22.job moved successfully. C:\WINDOWS\tasks\At23.job moved successfully. C:\WINDOWS\tasks\At24.job moved successfully. C:\WINDOWS\tasks\At3.job moved successfully. C:\WINDOWS\tasks\At4.job moved successfully. C:\WINDOWS\tasks\At5.job moved successfully. C:\WINDOWS\tasks\At6.job moved successfully. C:\WINDOWS\tasks\At7.job moved successfully. C:\WINDOWS\tasks\At8.job moved successfully. C:\WINDOWS\tasks\At9.job moved successfully. 
File\Folder C:\Program Files\Movie Maker\hqhakc.dll not found. File\Folder C:\WINDOWS\System32\hqhakc.dll not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 3334016 bytes ->Temporary Internet Files folder emptied: 22336245 bytes ->FireFox cache emptied: 5473537 bytes ->Flash cache emptied: 1172 bytes User: All Users User: Babsi ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 3176393 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41661 bytes User: LocalService ->Temp folder emptied: 992536 bytes ->Temporary Internet Files folder emptied: 112094 bytes User: Martin ->Temp folder emptied: 68901750 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 45624972 bytes ->Flash cache emptied: 989 bytes User: NetworkService ->Temp folder emptied: 2376632 bytes ->Temporary Internet Files folder emptied: 73387677 bytes ->Flash cache emptied: 2058 bytes User: test ->Temp folder emptied: 4229843 bytes ->Temporary Internet Files folder emptied: 130845 bytes ->FireFox cache emptied: 12648103 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 20825954 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 4319680 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5658057 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 261,00 mb OTL by OldTimer - Version log created on 11082010_225831 Files\Folders moved on 
Reboot... C:\Documents and Settings\Martin\Local Settings\Temp\~DFEDFA.tmp moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\XUL.mfl moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_39c.dat not found! File\Folder C:\WINDOWS\temp\ZLT06ce9.TMP not found! Registry entries deleted on Reboot... |
ComboFix may only be run when a forum expert has explicitly recommended it!
Hello, I use CCleaner almost every day. The Combo report: Combofix Logfile:
ATTFilter ComboFix 10-11-07.A2 - Martin 09.11.2010 7:12.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1033.18.2047.1435 [GMT 1:00] ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Martin\Application Data\completescan c:\documents and settings\Martin\Application Data\install c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\drivers\hwinterface.sys c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif 
c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\pthreadVC.dll c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\winlogon.exe . . . ist infiziert!! Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt . \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_hwinterface -------\Service_hwinterface ((((((((((((((((((((((( Dateien erstellt von 2010-10-09 bis 2010-11-09 )))))))))))))))))))))))))))))) . 2010-11-08 21:58 . 2010-11-08 21:58 -------- d-----w- C:\_OTL 2010-11-06 22:43 . 2010-11-06 22:44 -------- d-----w- C:\!KillBox 2010-11-06 09:31 . 2010-11-06 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI 2010-11-05 22:03 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys 2010-11-05 22:02 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll 2010-11-05 22:01 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys 2010-11-05 22:00 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys 2010-11-05 21:59 . 2001-08-17 11:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys 2010-11-05 21:58 . 2001-08-17 21:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll 2010-11-05 21:57 . 2001-08-17 13:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys 2010-11-05 21:56 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys 2010-11-05 21:55 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys 2010-11-05 21:54 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2010-11-05 21:53 . 2001-08-17 21:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll 2010-11-05 21:52 . 2001-08-17 21:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll 2010-11-05 21:51 . 2001-08-17 11:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys 2010-11-05 21:51 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys 2010-11-05 21:51 . 2001-08-17 11:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys 2010-11-05 21:51 . 2001-08-17 11:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys 2010-11-05 21:51 . 2001-08-17 11:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys 2010-11-05 21:51 . 
2001-08-17 11:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys 2010-11-05 21:51 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys 2010-11-05 21:51 . 2001-08-17 11:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys 2010-11-05 21:47 . 2001-08-17 21:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll 2010-11-05 21:46 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys 2010-11-05 20:45 . 2008-04-14 04:42 507904 ------w- c:\windows\system32\winlogon.exe 2010-11-05 14:44 . 2010-11-05 14:44 -------- d-----w- c:\documents and settings\Martin\Application Data\AVG10 2010-11-05 14:44 . 2010-11-05 14:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2010-11-05 14:44 . 2010-11-08 21:39 -------- d-----w- c:\windows\system32\drivers\AVG 2010-11-05 14:44 . 2010-11-05 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2010-11-05 14:44 . 2010-11-05 14:44 -------- d-----w- c:\program files\AVG 2010-11-05 14:37 . 2010-11-05 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2010-11-05 14:12 . 2010-11-05 14:12 -------- d-----w- c:\program files\Enigma Software Group 2010-11-03 04:52 . 2010-11-03 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-11-02 18:37 . 2010-11-02 18:37 -------- d-----w- c:\program files\Zone Labs 2010-11-02 18:07 . 2008-04-14 04:42 1033728 ----a-w- c:\windows\explorer.exe 2010-11-02 17:58 . 2010-11-05 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-11-02 16:57 . 2010-11-09 06:18 -------- d-----w- c:\windows\Internet Logs 2010-11-02 16:41 . 2010-11-02 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg 2010-11-02 16:38 . 2010-11-02 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure 2010-11-01 16:34 . 
2010-11-01 16:34 -------- d-----w- c:\documents and settings\Martin\Application Data\TrojanHunter 2010-10-27 22:04 . 2010-10-27 22:05 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Temp 2010-10-26 17:20 . 2010-10-26 17:21 -------- d-----w- c:\program files\Graboid 2010-10-26 10:52 . 2010-10-26 10:52 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-10-26 10:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-26 10:41 . 2010-10-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-26 10:36 . 2010-10-26 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProgSense 2010-10-26 10:36 . 2010-10-26 10:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit 2010-10-26 10:33 . 2010-10-26 10:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-10-26 09:34 . 2010-10-26 09:35 -------- d-----w- c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0 2010-10-25 17:55 . 2010-10-25 17:56 -------- d-----w- c:\documents and settings\Martin\Application Data\Youtube Downloader HD . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys 2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-09-07 02:48 . 
2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys 2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys 2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys . ------- Sigcheck ------- [-] 2008-04-14 . 35D83FE8244BD4A242E58CDFC48FFF80 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 378B7DD8284DF7E748461C69E13D3913 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="e:\program\ZoneAlarm\zlclient.exe" [2010-06-28 1043968] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk backup=c:\windows\pss\AVerQuick.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk] path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk backup=c:\windows\pss\Folding@home-gpu.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-12-21 17:35 640440 ----a-w- f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-12-22 00:26 38840 ----a-w- f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6] 2010-02-05 19:50 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2009-03-02 09:14 57344 ----a-w- c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2007-10-04 16:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-12-29 10:40 687560 ----a-w- e:\program\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- e:\program\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon] 2008-11-06 11:21 1548296 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore] 2008-11-06 11:39 2816520 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt] 2008-11-06 11:41 358920 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-10-06 14:34 18750976 ----a-w- c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start] 2008-07-14 23:02 102453 ----a-w- e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-12-11 14:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC] 2008-06-16 01:02 135168 ----a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
"gupdate1c9dc50e11d5e64"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "e:\\Program\\BitTorrent\\bittorrent.exe"= "e:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "e:\\Program Files\\Orbitdownloader\\orbitnet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4547:TCP"= 4547:TCP:krtyhd R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448] R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064] R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363] R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344] R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685] R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912] R2 S7opcsrtx;PROFINET IO RT-Protocol 
(LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712] S2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016] S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736] S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880] S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/11/2010 12:58 PM 6104656] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] 
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720] S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs toogmft oruqjr mlkynlqkb oqimg bmljcgc scinetu eqkfl . Inhalt des "geplante Tasks" Ordners 2010-11-07 c:\windows\Tasks\Driver Robot.job - c:\program files\Driver Robot\\DriverRobot.exe [2009-10-18 20:35] 2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20] 2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com/ IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202 IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000 IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217 FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - www.google.at FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll FF - plugin: 
e:\program\VideoLAN\VLC\npvlc.dll ---- FIREFOX Richtlinien ---- e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe MSConfigStartUp-Java developer Script Browse - c:\windows\jusched.exe MSConfigStartUp- Malwarebytes Anti-Malware (reboot) - c:\program\Malwarebytes' Anti-Malware\mbam.exe MSConfigStartUp-Microsoft Driver Setup - c:\windows\cfdrive32.exe MSConfigStartUp-oxnrmsawec - c:\docume~1\Martin\LOCALS~1\Temp\oxnrmsawec.tmp MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe MSConfigStartUp-xacrnowesm - c:\docume~1\Martin\LOCALS~1\Temp\xacrnowesm.tmp ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-11-09 07:19 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12, ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 [HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23, 55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\ "rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57, 91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\ [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] 
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57, 91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(988) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\progra~1\AVG\AVG10\avgchsvx.exe c:\progra~1\AVG\AVG10\avgrsx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe e:\program\CDBurnerXP\NMSAccessU.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\AVG\AVG10\avgnsx.exe c:\program files\AVG\AVG10\avgemcx.exe c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-11-09 07:21:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-11-09 06:21 Vor Suchlauf: 16.654.684.160 bytes free Nach Suchlauf: 16.451.829.760 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D8119EA07EF3C199754A10FD62883E5B |
/// Winkelfunktion /// TB-Süch-Tiger™ | winlogon
Quote:
After the uninstallation, please continue as follows: Download this clean winlogon.exe directly to c:\ => File-Upload.net - winlogon.exe
Further steps with CF follow afterwards:
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire content of the code box below into the Notepad window.
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
FCopy::
c:\winlogon.exe | c:\windows\system32\winlogon.exe

Filelook::
c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"=-

Netsvc::
toogmft
oruqjr
mlkynlqkb
oqimg
bmljcgc
scinetu
eqkfl

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
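The Sigcheck section of the first ComboFix log lists two copies of explorer.exe with the same version and size but different MD5 values, the same two files named under Filelook:: in the script above. The following is an added example, not part of the thread and not ComboFix's own code, that parses those Sigcheck entries and reports such diverging copies; the names `SigEntry`, `parse_sigcheck` and `divergent_copies` are hypothetical, the field layout is inferred from the lines on this page, and the bracketed marker is kept without being interpreted.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS
from typing import NamedTuple


class SigEntry(NamedTuple):
    flag: str      # marker printed in brackets; stored as-is, not interpreted
    date: str
    md5: str
    size: int
    version: str
    path: str


# Sigcheck entries copied from the first ComboFix log in this thread,
# flattened onto one line the way the page shows them.
SAMPLE = (
    r"[-] 2008-04-14 . 35D83FE8244BD4A242E58CDFC48FFF80 . 507904 . . "
    r"[5.1.2600.5512] . . c:\windows\system32\winlogon.exe "
    r"[-] 2008-04-14 . 378B7DD8284DF7E748461C69E13D3913 . 1033728 . . "
    r"[6.00.2900.5512] . . c:\windows\explorer.exe "
    r"[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . "
    r"[6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe"
)

# One entry: [flag] date . md5 . size . . [version] . . path
# The path may contain spaces, so it runs until the next "[x] yyyy-mm-dd"
# header or the end of the text. \s also matches newlines, so a log with one
# entry per line parses the same way as the flattened form.
ENTRY_RE = re.compile(
    r"\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+"
    r"(?P<path>[A-Za-z]:\\.+?)"
    r"(?=\s+\[[^\]]\]\s+\d{4}-\d{2}-\d{2}\s|\s*$)"
)


def parse_sigcheck(text):
    """Return every Sigcheck entry found in the given log text."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append(
            SigEntry(
                flag=m["flag"],
                date=m["date"],
                md5=m["md5"].upper(),
                size=int(m["size"]),
                version=m["version"],
                path=m["path"].strip(),
            )
        )
    return entries


def divergent_copies(entries):
    """Group entries by (file name, version, size) and keep the groups whose
    copies do not all share one MD5. Two copies of the same build of a system
    file are expected to be byte-identical, so a differing hash means at least
    one copy was changed after installation."""
    groups = defaultdict(list)
    for e in entries:
        groups[(basename(e.path).lower(), e.version, e.size)].append(e)
    return {
        key: copies
        for key, copies in groups.items()
        if len({c.md5 for c in copies}) > 1
    }


if __name__ == "__main__":
    for (name, version, size), copies in divergent_copies(parse_sigcheck(SAMPLE)).items():
        print(f"{name} {version} ({size} bytes): copies differ")
        for c in copies:
            print(f"  [{c.flag}] {c.md5}  {c.path}")
```

The check only says that the copies differ, not which one is the original; that still has to be settled against a trusted source such as the installation media.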
Hi, wow, how can anyone know their way around this so well? Combofix logfile:
ATTFilter ComboFix 10-11-07.A2 - Martin 11.11.2010 22:18:19.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1033.18.2047.1549 [GMT 1:00] ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\documents and settings\Martin\Desktop\CFScript.txt FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\winlogon.exe c:\windows\system32\winlogon.exe . . . ist infiziert!! Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt . --------------- FCopy --------------- c:\winlogon.exe --> c:\windows\system32\winlogon.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-10-11 bis 2010-11-11 )))))))))))))))))))))))))))))) . 2010-11-08 21:58 . 2010-11-08 21:58 -------- d-----w- C:\_OTL 2010-11-06 22:43 . 2010-11-06 22:44 -------- d-----w- C:\!KillBox 2010-11-06 09:31 . 2010-11-06 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI 2010-11-05 22:03 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys 2010-11-05 22:02 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll 2010-11-05 22:01 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys 2010-11-05 22:00 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys 2010-11-05 21:59 . 2001-08-17 11:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys 2010-11-05 21:58 . 2001-08-17 21:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll 2010-11-05 21:57 . 2001-08-17 13:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys 2010-11-05 21:56 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys 2010-11-05 21:55 . 
2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys 2010-11-05 21:54 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2010-11-05 21:53 . 2001-08-17 21:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll 2010-11-05 21:52 . 2001-08-17 21:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll 2010-11-05 21:51 . 2001-08-17 11:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys 2010-11-05 21:51 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys 2010-11-05 21:51 . 2001-08-17 11:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys 2010-11-05 21:51 . 2001-08-17 11:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys 2010-11-05 21:51 . 2001-08-17 11:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys 2010-11-05 21:51 . 2001-08-17 11:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys 2010-11-05 21:51 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys 2010-11-05 21:51 . 2001-08-17 11:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys 2010-11-05 21:47 . 2001-08-17 21:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll 2010-11-05 21:46 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys 2010-11-05 20:45 . 2010-11-11 21:10 513024 ----a-w- c:\windows\system32\winlogon.exe 2010-11-05 14:44 . 2010-11-05 14:44 -------- d-----w- c:\documents and settings\Martin\Application Data\AVG10 2010-11-05 14:44 . 2010-11-05 14:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2010-11-05 14:44 . 2010-11-11 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2010-11-05 14:44 . 2010-11-05 14:44 -------- d-----w- c:\program files\AVG 2010-11-05 14:37 . 2010-11-05 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2010-11-05 14:12 . 2010-11-05 14:12 -------- d-----w- c:\program files\Enigma Software Group 2010-11-03 04:52 . 
2010-11-03 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-11-02 18:39 . 2010-06-28 12:00 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll 2010-11-02 18:07 . 2008-04-14 04:42 1033728 ----a-w- c:\windows\explorer.exe 2010-11-02 17:58 . 2010-11-05 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-11-02 16:57 . 2010-11-11 20:54 -------- d-----w- c:\windows\Internet Logs 2010-11-02 16:41 . 2010-11-02 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg 2010-11-02 16:38 . 2010-11-02 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure 2010-11-01 16:34 . 2010-11-01 16:34 -------- d-----w- c:\documents and settings\Martin\Application Data\TrojanHunter 2010-10-27 22:04 . 2010-10-27 22:05 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Temp 2010-10-26 17:20 . 2010-10-26 17:21 -------- d-----w- c:\program files\Graboid 2010-10-26 10:52 . 2010-10-26 10:52 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-10-26 10:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-26 10:41 . 2010-10-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-10-26 10:41 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-26 10:36 . 2010-10-26 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProgSense 2010-10-26 10:36 . 2010-10-26 10:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit 2010-10-26 10:33 . 2010-10-26 10:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-10-26 09:34 . 
2010-10-26 09:35 -------- d-----w- c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0 2010-10-25 17:55 . 2010-10-25 17:56 -------- d-----w- c:\documents and settings\Martin\Application Data\Youtube Downloader HD . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\explorer.exe --- Company: Microsoft Corporation File Description: Windows Explorer File Version: 6.00.2900.5512 (xpsp.080413-2105) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: EXPLORER.EXE File size: 1033728 Created time: 2010-11-02 18:07 Modified time: 2008-04-14 04:42 MD5: 378B7DD8284DF7E748461C69E13D3913 SHA1: 7F6BE072DDC7D9C8AD4038974BC23C26A01A9016 --- c:\windows\ServicePackFiles\i386\explorer.exe --- Company: Microsoft Corporation File Description: Windows Explorer File Version: 6.00.2900.5512 (xpsp.080413-2105) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: EXPLORER.EXE File size: 1033728 Created time: 2009-01-02 21:56 Modified time: 2008-04-14 04:42 MD5: 12896823FB95BFB3DC9B46BCAEDC9923 SHA1: 9D2BF84874ABC5B6E9A2744B7865C193C08D362F ------- Sigcheck ------- [-] 2010-11-11 . 2F1F63845DB7EB2C6BD4EAB69F2B728C . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 358F7515ABCDCBB13201A42BEADD170E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-11-09_06.19.13 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-11 20:52 . 2010-11-11 20:52 16384 c:\windows\Temp\Perflib_Perfdata_7c4.dat + 2010-11-11 21:23 . 
2010-11-11 21:23 16384 c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22 83950 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23 83950 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22 476318 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23 476318 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35 640440 ----a-w- f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26 38840 ----a-w- f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21 1548296 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39 2816520 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41 358920 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34 18750976 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02 102453 ----a-w- e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02 135168 ----a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"= 4547:TCP:krtyhd

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\\DriverRobot.exe [2009-10-18 20:35]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-11 22:23
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
  ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
  55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-11 22:25:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-11 21:25
ComboFix2.txt 2010-11-09 06:21

Vor Suchlauf: 16.346.312.704 bytes free
Nach Suchlauf: 16.420.786.176 bytes free

- - End Of File - - 68109C4EC60BEF749E4A679B0163F9F4 |
