Trojaner-Board, section Malware Removal > Pests of All Kinds and How to Fight Them

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming (thread tag: Windows 7)
22.11.2010, 12:11   #1
andy.moe
 
Hello,
For a few weeks my internet connection has been getting slower and slower, and the last check with Sophos reported two errors on access to

C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming\appconf32.exe

and

C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming\prapproxy32.exe

Also, for some time now an error message mentioning AppData appears every time the machine starts.
I hope you can help me with this.

22.11.2010, 12:18   #2
markusg
/// Malware-holic
 
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and choose Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "Scan all users"
3. Under "Extra Registry" select:
"Use SafeList" "LOP Check" "Purity Check"
4. Paste the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.
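The OTL output this scan produces is plain text, and the O4 lines in it list the Run/RunOnce autostart values; those are what a helper reads first. The Python below is added here as an example and is not part of the original post or of OTL itself. It parses O4 lines and flags the entries that usually matter in a cleanup: targets under AppData or Temp, binaries whose version info carries no company name, dangling entries whose file no longer exists, and value names borrowed from Windows components (a Run value called Userinit belongs to nothing legitimate; the real Userinit setting lives under HKLM\...\Winlogon, not in a Run key). The sample lines, the user name Alice and the SID in them are constructed for this example, modelled on OTL's O4 format.

```python
"""Triage of OTL 'O4' autorun lines: flag Run/RunOnce entries that point into
user-writable folders, lack a company name, are dangling, or borrow the name
of a Windows component. Added example; not part of OTL or the forum post."""
import re

# Constructed sample in the format OTL prints for O4 (Run key) entries.
# User name, SID and the benign lines are made up for this example.
SAMPLE_O4_LINES = r"""
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [charntfs] C:\Users\Alice\AppData\Local\Temp\Netpalua.DLL File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Userinit] C:\Users\Alice\AppData\Roaming\appconf32.exe ()
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [UseerSideBar] C:\Users\Alice\AppData\Roaming\prapproxy32.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
"""

# "O4 - <hive>..\<Run|RunOnce>: [<value name>] <target> (<company>)" or "... File not found"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")

# Names of Windows components that malware borrows for its Run values; the real
# Userinit/Winlogon settings live under HKLM\...\Winlogon, never in a Run key.
WINDOWS_NAMES = {"userinit", "winlogon", "explorer", "svchost", "lsass", "csrss", "services"}
# Folders any standard user can write to; legitimate software rarely autostarts from here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_o4(line):
    """Return a dict (hive, key, name, path, company, missing) for one O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    rest = entry.pop("rest").strip()
    if rest.endswith("File not found"):
        entry["path"] = rest[: -len("File not found")].strip()
        entry["company"] = None        # nothing on disk to read version info from
        entry["missing"] = True
    else:
        # The company name is the last " (...)" group; the path itself may contain "(x86)".
        path, sep, company = rest.rpartition(" (")
        if sep and company.endswith(")"):
            entry["path"], entry["company"] = path.strip(), company[:-1].strip()
        else:
            entry["path"], entry["company"] = rest, None
        entry["missing"] = False
    return entry


def triage(entry):
    """Return the reasons an autorun entry deserves a closer look (empty list = unremarkable)."""
    reasons = []
    low = entry["path"].lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable folder")
    if entry["missing"]:
        reasons.append("target file not found (dangling entry)")
    elif entry["company"] == "":
        reasons.append("no company name in version info")
    if entry["name"].lower() in WINDOWS_NAMES:
        reasons.append("value name mimics a Windows component")
    return reasons


def triage_log(text):
    """Parse every O4 line in an OTL log and return (name, path, reasons) for the flagged ones."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue                    # not an O4 line (PRC, SRV, DRV, ... are ignored)
        reasons = triage(entry)
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_log(SAMPLE_O4_LINES):
        print(f"[{name}] {path or '<no path>'}\n    " + "\n    ".join(reasons))
```

Run it as a script to see the flagged entries; `triage_log()` accepts a whole OTL.Txt, since lines that are not O4 entries are skipped. A flag is a reason to look, not a verdict: some legitimate updaters also run from AppData, so check the file's signature and hash before deleting anything.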

22.11.2010, 14:18   #3
andy.moe
 
OK, here are the two reports. OTL logfile:
Code:
OTL logfile created on: 22.11.2010 13:54:22 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Andreas\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 394,86 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,60 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
Drive E: | 3,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andreas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Andreas\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BgLiveSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BgMainSvc) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsFire) -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (SynTP) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/mff_mailcheck | hxxp://www.web.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.7.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=searchplugin&su="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.14 16:08:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.14 16:08:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.14 16:08:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.04 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.01.04 21:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.22 11:31:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\gl2lk6no.default\extensions
[2010.10.28 05:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\gl2lk6no.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.25 09:19:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\gl2lk6no.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.12 05:21:01 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\gl2lk6no.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.01.25 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\gl2lk6no.default\extensions\allglassv2@ambroos.neowin.net
[2010.08.24 14:03:05 | 000,005,591 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\1und1-suche.xml
[2010.01.25 09:31:48 | 000,001,371 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\amazonde.xml
[2010.08.24 14:03:05 | 000,010,605 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\gmx-suche.xml
[2010.11.16 10:08:14 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-1.xml
[2010.10.31 14:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-10.xml
[2010.09.16 09:58:29 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-2.xml
[2010.06.04 16:07:38 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-3.xml
[2010.06.28 05:53:48 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-4.xml
[2010.07.23 12:43:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-5.xml
[2010.07.24 14:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-6.xml
[2010.09.16 18:34:04 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-7.xml
[2010.10.11 18:53:15 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-8.xml
[2010.10.23 08:33:34 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin-9.xml
[2010.06.21 15:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\icqplugin.xml
[2010.04.14 18:22:47 | 000,001,420 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\preisvergleich.xml
[2010.06.04 16:06:26 | 000,000,266 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\Search.xml
[2010.08.24 14:03:05 | 000,005,588 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\FireFox\Profiles\gl2lk6no.default\searchplugins\webde-suche.xml
[2010.11.21 15:33:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.04 21:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.25 09:18:34 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.25 09:18:33 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.10.22 16:44:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 16:44:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 16:44:02 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 16:44:02 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 16:44:02 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [charntfs] C:\Users\Andreas\AppData\Local\Temp\Netpalua.DLL File not found
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [UseerSideBar] C:\Users\Andreas\AppData\Roaming\prapproxy32.exe ()
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [Userinit] C:\Users\Andreas\AppData\Roaming\appconf32.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: BgMainSvc - C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BgLiveSvc - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SafeBootNet: BgMainSvc - C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.21 15:33:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Spigot
[2010.11.21 15:33:26 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2010.11.21 15:33:26 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2010.11.16 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ALDI
[2010.11.09 13:33:09 | 000,216,400 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Andreas\AppData\Roaming\AcroIEHelpe022.dll
[2010.11.09 13:33:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\5008
[2010.11.05 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\UAs
[2010.11.05 17:02:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\5006
[2010.11.05 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\xmldm
[2010.11.05 17:02:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\cock
[2010.10.28 05:04:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\AOL
[2010.10.28 05:04:33 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.27 06:07:23 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.27 06:07:23 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.27 06:07:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.27 06:07:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.27 06:07:16 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[1 C:\Users\Andreas\AppData\Roaming\*.tmp files -> C:\Users\Andreas\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.22 13:45:55 | 000,658,380 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.22 13:45:55 | 000,619,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.22 13:45:55 | 000,134,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.22 13:45:55 | 000,109,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.22 13:45:22 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.22 13:45:22 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.22 13:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.22 13:37:03 | 2363,129,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.21 16:23:01 | 000,000,091 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\urhtps.dat
[2010.11.09 13:33:09 | 000,216,400 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Andreas\AppData\Roaming\AcroIEHelpe022.dll
[2010.10.28 05:05:16 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[1 C:\Users\Andreas\AppData\Roaming\*.tmp files -> C:\Users\Andreas\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 11:41:45 | 000,000,091 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\urhtps.dat
[2010.11.05 17:02:27 | 000,000,065 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AcroIEHelpe.txt
[2010.10.28 05:05:16 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.10.11 14:35:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.26 20:32:30 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\wklnhst.dat
[2010.04.13 12:06:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.31 11:08:11 | 000,119,424 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\prapproxy32.exe
[2009.10.31 11:08:11 | 000,110,592 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\prapproxy32.dll
[2009.09.29 11:18:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.29 06:38:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.09.29 06:15:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.28 11:53:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.09 16:23:13 | 000,046,520 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2010.01.08 17:13:19 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\.#
[2010.11.05 17:02:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\5006
[2010.11.09 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\5008
[2010.01.05 10:48:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BullGuard
[2010.11.05 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\cock
[2010.11.21 16:43:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2010.11.14 16:08:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2010.11.14 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\UAs
[2010.11.14 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\xmldm
[2010.10.14 12:27:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.08 17:13:19 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\.#
[2010.11.05 17:02:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\5006
[2010.11.09 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\5008
[2010.01.05 14:12:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2010.08.27 09:10:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer
[2010.01.05 10:48:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BullGuard
[2010.11.05 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\cock
[2010.09.11 12:03:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CyberLink
[2010.11.21 16:43:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2009.12.24 12:53:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities
[2010.01.04 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs
[2010.10.15 16:57:08 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft
[2010.01.04 21:18:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla
[2010.06.13 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MozillaControl
[2010.10.15 17:07:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype
[2010.10.15 17:05:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM
[2010.11.14 16:08:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2010.11.14 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\UAs
[2010.06.13 17:14:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vlc
[2010.11.14 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2008.12.09 16:23:13 | 000,046,520 | RHS- | M] () -- C:\Users\Andreas\AppData\Roaming\appconf32.exe
[2009.10.31 11:08:11 | 000,119,424 | RHS- | M] () -- C:\Users\Andreas\AppData\Roaming\prapproxy32.exe
[1 C:\Users\Andreas\AppData\Roaming\*.tmp files -> C:\Users\Andreas\AppData\Roaming\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< End of report >

and the other one: OTL Logfile:
Code:
OTL Extras logfile created on: 22.11.2010 13:54:22 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Andreas\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 394,86 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,60 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
Drive E: | 3,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2196728487-3460898585-2008473963-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"BullGuard" = BullGuard 8.7
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Theme Park World" = Theme Park World
"Theme Park_is1" = Theme Park
"TVWiz" = Intel(R) TV Wizard
"WEB.DE Update" = WEB.DE Update
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.11.2010 02:02:04 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075cfb  ID des fehlerhaften
 Prozesses: 0x171c  Startzeit der fehlerhaften Anwendung: 0x01cb87af4a1ccee4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 87f43289-f3a2-11df-abfa-00222007f000
 
Error - 21.11.2010 10:27:38 | Computer Name = Andreas-PC | Source = Bonjour Service | ID = 100
Description = UDPEndRecv: WSARecvMsg control information error.
 
Error - 21.11.2010 10:27:40 | Computer Name = Andreas-PC | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
 lokalen Computers ist ungültig.%3
 
Error - 21.11.2010 11:34:14 | Computer Name = Andreas-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 21.11.2010 12:01:27 | Computer Name = Andreas-PC | Source = Sophos Anti-Virus | ID = 4915209
Description = Der Versuch, die infizierte Datei '\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy19\hiberfil.sys'
 zu verschieben, ist fehlgeschlagen. Der Anwender hat keine Rechte, die Maßnahme
 für die infizierte Datei auszuführen.
 
Error - 21.11.2010 12:03:32 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SavService.exe, Version: 1.0.0.3921,
 Zeitstempel: 0x48ad59ca  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x07bcf0f3  ID des fehlerhaften
 Prozesses: 0x4c0  Startzeit der fehlerhaften Anwendung: 0x01cb898837986a62  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: e324c72f-f588-11df-8f73-00222007f000
 
Error - 21.11.2010 12:15:42 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16671,
 Zeitstempel: 0x4c86f9be  Name des fehlerhaften Moduls: AcroIEHelpe022.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4cd924ea  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x03952784  ID des fehlerhaften Prozesses: 0x17bc  Startzeit der fehlerhaften Anwendung:
 0x01cb8996612908e2  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroIEHelpe022.dll  Berichtskennung: 961bc060-f58a-11df-8f73-00222007f000
 
Error - 21.11.2010 15:04:20 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SkypeNames.exe, Version: 1.0.1.9,
 Zeitstempel: 0x4a5d8705  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075cf0  ID des fehlerhaften
 Prozesses: 0x1608  Startzeit der fehlerhaften Anwendung: 0x01cb89aee6035262  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 247da02e-f5a2-11df-8f73-00222007f000
 
Error - 22.11.2010 06:30:07 | Computer Name = Andreas-PC | Source = Bonjour Service | ID = 100
Description = UDPEndRecv: WSARecvMsg control information error.
 
Error - 22.11.2010 08:37:45 | Computer Name = Andreas-PC | Source = Bonjour Service | ID = 100
Description = UDPEndRecv: WSARecvMsg control information error.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 10.09.2010 05:00:42 | Computer Name = Andreas-PC | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
 1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: Das System kann
 die angegebene Datei nicht finden.   
 
Error - 10.09.2010 05:01:12 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp
Line:
 1295 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED 
 
Error - 10.09.2010 05:01:12 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 0.0.0.0  Netmask:
 0.0.0.0  Gateway: 132.187.246.65  Interface: 132.187.246.113  Metric: 1
 
Error - 10.09.2010 05:01:12 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 226 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED 
 
Error - 10.09.2010 05:02:17 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CDtlsProtocol::timerCallback File: .\DtlsProtocol.cpp Line:
 406 Invoked Function: CDtlsProtocol::retransmit Return Code: -31719410 (0xFE1C000E)
Description:
 TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED 
 
Error - 10.09.2010 05:02:17 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CCdtpProtocol::OnTunnelInitiateComplete File: .\CdtpProtocol.cpp
Line:
 506 Invoked Function: initiateTunnel Return Code: -31719410 (0xFE1C000E) Description:
 TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED 
 
Error - 10.09.2010 05:02:17 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp
Line:
 1038 Invoked Function: ITunnelProtocol::initiateTunnel Return Code: -31719410 (0xFE1C000E)
Description:
 TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback
 
Error - 10.09.2010 05:02:17 | Computer Name = Andreas-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TunnelMgr.cpp
Line:
 599 Invoked Function: CTunnelStateMgr::initiateTunnel Return Code: -31719410 (0xFE1C000E)
Description:
 TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback
 
[ System Events ]
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...tem32\msacm32.drv] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bf10289]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...FONTS\SSERIFE.FON] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess SearchSettings, (Überprüfung des 
Zeitstempels [ 1cb8a421bf5c549]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...tem32\midimap.dll] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bf5c549]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...stem32\trkwks.dll] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bf5c549]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...2\wbem\wmisvc.dll] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bfce96a]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...2.EXE-59D2A21B.pf] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess appconf32.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421be9de68]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...\DRIVERS\srv2.sys] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess System, (Überprüfung des Zeitstempels
 [ 1cb8a421c08d04b]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...gins\emalware.110] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bcaec84]).  
 
Error - 22.11.2010 08:38:05 | Computer Name = Andreas-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...stem32\msv1_0.DLL] wurde nach einer Zeitüberschreitung/Auslastung
 durchgeführt. Sie wird protokolliert. Prozess svchost.exe, (Überprüfung des Zeitstempels
 [ 1cb8a421bfa880a]).  
 
Error - 22.11.2010 08:38:55 | Computer Name = Andreas-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
__________________

Old 22.11.2010, 14:35   #4
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [charntfs] C:\Users\Andreas\AppData\Local\Temp\Netpalua.DLL File not found
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [UseerSideBar] C:\Users\Andreas\AppData\Roaming\prapproxy32.exe ()
O4 - HKU\S-1-5-21-2196728487-3460898585-2008473963-1000..\Run: [Userinit] C:\Users\Andreas\AppData\Roaming\appconf32.exe ()
[2010.11.06 11:41:45 | 000,000,091 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\urhtps.dat
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.


Open My Computer, C:, then _OTL.
Right-click "moved files" there
and choose "add to moved files.rar" or "zip".
Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 22.11.2010, 20:16   #5
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

So here is the new report:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2196728487-3460898585-2008473963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\charntfs deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2196728487-3460898585-2008473963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UseerSideBar deleted successfully.
File move failed. C:\Users\Andreas\AppData\Roaming\prapproxy32.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2196728487-3460898585-2008473963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
File move failed. C:\Users\Andreas\AppData\Roaming\appconf32.exe scheduled to be moved on reboot.
C:\Users\Andreas\AppData\Roaming\urhtps.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Andreas
->Flash cache emptied: 32235 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Andreas
->Temp folder emptied: 290058377 bytes
->Temporary Internet Files folder emptied: 64478505 bytes
->Java cache emptied: 1867102 bytes
->FireFox cache emptied: 101013147 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52964660 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 487,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11222010_194819

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Roaming\prapproxy32.exe moved successfully.
C:\Users\Andreas\AppData\Roaming\appconf32.exe moved successfully.
File\Folder C:\Windows\temp\TMP000001D3624D9043D58CEADC not found!

Registry entries deleted on Reboot...


Old 22.11.2010, 20:34   #6
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Where is the upload?
__________________

Old 22.11.2010, 20:43   #7
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Sorry, I hope I have uploaded the right file now

Old 22.11.2010, 20:53   #8
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Old 23.11.2010, 10:50   #9
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Here is the log:

ComboFix log file:
Code:
ComboFix 10-11-22.05 - Andreas 23.11.2010  10:04:28.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3005.2063 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll
c:\users\Andreas\AppData\Roaming\.#
c:\users\Andreas\AppData\Roaming\AcROiehelpe022.dll
c:\users\Andreas\AppData\Roaming\prapproxy32.dll

c:\windows\system32\userinit.exe . . . ist infiziert!!

.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-23 bis 2010-11-23  ))))))))))))))))))))))))))))))
.

2010-11-23 09:39 . 2010-11-23 09:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-23 08:42 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{24268093-1E87-4189-96F0-C57A29F58408}\mpengine.dll
2010-11-22 18:48 . 2010-11-22 19:06	--------	d-----w-	C:\_OTL
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\Common Files\Spigot
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\Application Updater
2010-11-16 22:39 . 2010-11-16 22:39	--------	d-----w-	c:\users\Andreas\AppData\Local\ALDI
2010-11-09 12:33 . 2010-11-09 12:33	--------	d-----w-	c:\users\Andreas\AppData\Roaming\5008
2010-11-05 16:17 . 2010-11-14 13:53	--------	d-----w-	c:\users\Andreas\AppData\Roaming\UAs
2010-11-05 16:02 . 2010-11-05 16:02	--------	d-----w-	c:\users\Andreas\AppData\Roaming\5006
2010-11-05 16:02 . 2010-11-05 16:02	112	----a-w-	c:\users\Andreas\AppData\Roaming\srvblck2.tmp
2010-11-05 16:02 . 2010-11-14 15:14	--------	d-----w-	c:\users\Andreas\AppData\Roaming\xmldm
2010-11-05 16:02 . 2010-11-05 16:02	--------	d-----w-	c:\users\Andreas\AppData\Roaming\cock
2010-10-28 04:04 . 2010-10-28 04:04	--------	d-----w-	c:\users\Andreas\AppData\Local\AOL
2010-10-28 04:04 . 2010-11-14 15:08	--------	d-----w-	c:\program files\ICQ7.2
2010-10-27 05:07 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-10-27 05:07 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-10-27 05:07 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-10-27 05:07 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-10-27 05:07 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-14 09:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-15 16:00 . 2010-10-15 16:00	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-10-15 15:59 . 2010-10-15 15:59	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-10-15 15:59 . 2010-10-15 15:59	1113408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-10-14 15:07	978432	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-14 15:07	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-14 15:07	386048	----a-w-	c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-14 15:07	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-14 15:07	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 15:07	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-14 15:07	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-14 15:07	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-14 15:07	168448	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-14 15:07	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-14 15:07	308736	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-14 15:07	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-14 15:07	109056	----a-w-	c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2010-03-14 304464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WEB.DE Update"="c:\program files\WEB.DE\LiveUpdate\m2LUTray.exe" [2009-10-30 2276744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-4-6 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-04-06 20288]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-03-23 29208]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-06-03 93688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-01-23 55504]
S2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-04-06 80936]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-04-06 98304]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2009-03-23 305688]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard	REG_MULTI_SZ   	BgMainSvc BsFileScan BsMailProxy BsFire
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
LSP: c:\windows\system32\BGLsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\gl2lk6no.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/mff_mailcheck | hxxp://www.web.de
FF - prefs.js: keyword.URL - hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=searchplugin&su=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Andreas\AppData\Roaming\5008\components\AcroFF008.dll
FF - component: c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\gl2lk6no.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1148)
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-23  10:47:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-23 09:47

Vor Suchlauf: 9 Verzeichnis(se), 423.486.873.600 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 424.307.908.608 Bytes frei

- - End Of File - - 34927D5C668BC72DF61FE82B87BB9648
         
--- --- ---

Old 23.11.2010, 11:51   #10
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Please start the PC in safe mode; it should be the F8 key at PC startup. Please not the safe mode with networking. There, try to run ComboFix again and post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 23.11.2010, 14:03   #11
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

ComboFix logfile:
Code:
ComboFix 10-11-22.05 - Andreas 23.11.2010  13:49:22.2.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3005.2002 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
.

(((((((((((((((((((((((   Dateien erstellt von 2010-10-23 bis 2010-11-23  ))))))))))))))))))))))))))))))
.

2010-11-23 12:53 . 2010-11-23 12:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-23 08:42 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{24268093-1E87-4189-96F0-C57A29F58408}\mpengine.dll
2010-11-22 18:48 . 2010-11-22 19:06	--------	d-----w-	C:\_OTL
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\Common Files\Spigot
2010-11-21 14:33 . 2010-11-21 14:33	--------	d-----w-	c:\program files\Application Updater
2010-11-16 22:39 . 2010-11-16 22:39	--------	d-----w-	c:\users\Andreas\AppData\Local\ALDI
2010-11-09 12:33 . 2010-11-09 12:33	--------	d-----w-	c:\users\Andreas\AppData\Roaming\5008
2010-11-05 16:17 . 2010-11-14 13:53	--------	d-----w-	c:\users\Andreas\AppData\Roaming\UAs
2010-11-05 16:02 . 2010-11-05 16:02	--------	d-----w-	c:\users\Andreas\AppData\Roaming\5006
2010-11-05 16:02 . 2010-11-05 16:02	112	----a-w-	c:\users\Andreas\AppData\Roaming\srvblck2.tmp
2010-11-05 16:02 . 2010-11-14 15:14	--------	d-----w-	c:\users\Andreas\AppData\Roaming\xmldm
2010-11-05 16:02 . 2010-11-05 16:02	--------	d-----w-	c:\users\Andreas\AppData\Roaming\cock
2010-10-28 04:04 . 2010-10-28 04:04	--------	d-----w-	c:\users\Andreas\AppData\Local\AOL
2010-10-28 04:04 . 2010-11-14 15:08	--------	d-----w-	c:\program files\ICQ7.2
2010-10-27 05:07 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-10-27 05:07 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-10-27 05:07 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-10-27 05:07 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-10-27 05:07 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-14 09:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-15 16:00 . 2010-10-15 16:00	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-10-15 15:59 . 2010-10-15 15:59	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-10-15 15:59 . 2010-10-15 15:59	1113408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-10-14 15:07	978432	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-14 15:07	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-14 15:07	386048	----a-w-	c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-14 15:07	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-14 15:07	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 15:07	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-14 15:07	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-14 15:07	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-14 15:07	168448	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-14 15:07	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-14 15:07	308736	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-14 15:07	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-14 15:07	109056	----a-w-	c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2010-03-14 304464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WEB.DE Update"="c:\program files\WEB.DE\LiveUpdate\m2LUTray.exe" [2009-10-30 2276744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-4-6 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

R1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-03-23 29208]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-06-03 93688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-01-23 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-04-06 80936]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2009-03-23 305688]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-04-06 20288]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-04-06 98304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard	REG_MULTI_SZ   	BgMainSvc BsFileScan BsMailProxy BsFire
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
LSP: c:\windows\system32\BGLsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\gl2lk6no.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/mff_mailcheck | hxxp://www.web.de
FF - prefs.js: keyword.URL - hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=searchplugin&su=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Andreas\AppData\Roaming\5008\components\AcroFF008.dll
FF - component: c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\gl2lk6no.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-23  13:55:04
ComboFix-quarantined-files.txt  2010-11-23 12:55
ComboFix2.txt  2010-11-23 09:47

Vor Suchlauf: 12 Verzeichnis(se), 424.354.512.896 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 424.212.742.144 Bytes frei

- - End Of File - - 0AB2211A2F3F0A28C3AEE26F90B47EB1
         
--- --- ---
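As an added example, not part of the thread, a small Python triage helper that parses the two ComboFix line formats shown in the log above (the "Dateien erstellt" entries and the "FF - component:" lines) and flags the patterns this thread turns on: purely numeric directories and loose executables or .tmp files sitting directly under AppData\Roaming, and Firefox components loaded from outside the Firefox install directory and the user's profile. The sample lines are constructed from paths in the log; the Firefox install directory is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample in the two ComboFix line formats seen in the log above:
#   "<created> . <modified>\t<size>\t<attrs>\t<path>"   (files created section)
#   "FF - component: <path>"                             (Firefox components)
# The paths are taken from the log; the selection of lines is ours.
SAMPLE_LOG = """\
2010-11-09 12:33 . 2010-11-09 12:33\t--------\td-----w-\tc:\\users\\Andreas\\AppData\\Roaming\\5008
2010-11-05 16:02 . 2010-11-05 16:02\t112\t----a-w-\tc:\\users\\Andreas\\AppData\\Roaming\\srvblck2.tmp
2010-11-05 16:02 . 2010-11-14 15:14\t--------\td-----w-\tc:\\users\\Andreas\\AppData\\Roaming\\xmldm
2010-11-21 14:33 . 2010-11-21 14:33\t--------\td-----w-\tc:\\program files\\Common Files\\Spigot
2010-10-27 05:07 . 2010-08-04 06:18\t641536\t----a-w-\tc:\\windows\\system32\\CPFilters.dll
FF - component: c:\\program files\\Mozilla Firefox\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\components\\NPComponent.dll
FF - component: c:\\users\\Andreas\\AppData\\Roaming\\5008\\components\\AcroFF008.dll
FF - component: c:\\users\\Andreas\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gl2lk6no.default\\extensions\\allglassv2@ambroos.neowin.net\\components\\dwmxpcom.dll
"""

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(\S+)\t(\S{8})\t(.+)$"
)
FF_COMPONENT_RE = re.compile(r"^FF - component: (.+)$")
# First path element directly below AppData\Roaming, plus whatever follows it.
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)(\\.*)?$", re.IGNORECASE)

# Assumed default Firefox install directory (it matches the log above).
FIREFOX_DIR = r"c:\program files\Mozilla Firefox"
LOOSE_FILE_EXT = (".exe", ".dll", ".tmp")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # e.g. "d-----w-" (directory) or "----a-w-" (file)
    path: str


@dataclass
class Finding:
    path: str
    reason: str


def parse_created_files(text: str) -> List[Entry]:
    """Parse the 'Dateien erstellt' lines; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m.group(3) == "--------" else int(m.group(3))
        entries.append(Entry(
            created=datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
            size=size, attrs=m.group(4), path=m.group(5)))
    return entries


def parse_ff_components(text: str) -> List[str]:
    """Collect the paths of all 'FF - component:' lines."""
    return [m.group(1) for m in map(FF_COMPONENT_RE.match, text.splitlines()) if m]


def roaming_top_level(path: str) -> Optional[Tuple[str, bool]]:
    """(name directly under AppData\\Roaming, nested deeper?) or None."""
    m = ROAMING_RE.search(path)
    if not m:
        return None
    return m.group(1), m.group(2) is not None


def triage_entry(e: Entry) -> Optional[Finding]:
    """Coarse heuristics for AppData\\Roaming; no finding is not a clean bill."""
    top = roaming_top_level(e.path)
    if top is None:
        return None
    name, nested = top
    is_dir = e.attrs.startswith("d")
    if is_dir and not nested and name.isdigit():
        return Finding(e.path, "purely numeric directory name directly under AppData\\Roaming")
    if not is_dir and not nested and name.lower().endswith(LOOSE_FILE_EXT):
        return Finding(e.path, "loose executable/temp file directly under AppData\\Roaming")
    return None


def triage_ff_component(path: str, firefox_dir: str = FIREFOX_DIR) -> Optional[Finding]:
    """Flag XPCOM components that live outside Firefox and the user's profile."""
    low = path.lower()
    if low.startswith(firefox_dir.lower()):
        return None                     # installed into Firefox itself
    if "\\mozilla\\firefox\\profiles\\" in low:
        return None                     # extension inside the Firefox profile
    return Finding(path, "Firefox component loaded from outside Firefox and the profile")


def triage(text: str) -> List[Finding]:
    findings = [f for f in map(triage_entry, parse_created_files(text)) if f]
    findings += [f for f in map(triage_ff_component, parse_ff_components(text)) if f]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```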

Old 23.11.2010, 14:12   #12
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Download CCleaner Slim:
Piriform - Builds
Install it, open it, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write "necessary".
Behind every one you do not need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.

Old 23.11.2010, 14:37   #13
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 23.12.2009 - unknown
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 23.12.2009 10.0.32.18 - necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.09.2010 6,00MB 10.1.85.3 - necessary
Adobe Reader 9.3.2 - Deutsch Adobe Systems Incorporated 18.04.2010 167,8MB 9.3.2 - necessary
ALDI Süd Foto Manager Free MAGIX AG 28.09.2009 6.0.1.491 - unnecessary
ALDI Süd Foto Service MAGIX AG 28.09.2009 4.5.9.140 - unnecessary
Aldi Süd Fotoservice 28.09.2009 - unnecessary
ALDI Süd Online Druck Service MAGIX AG 28.09.2009 4.5.1.0 - unnecessary
Apple Application Support Apple Inc. 07.09.2010 42,8MB 1.3.2 - unnecessary
Apple Mobile Device Support Apple Inc. 07.09.2010 20,1MB 3.2.0.47 - unnecessary
Apple Software Update Apple Inc. 25.08.2010 2,26MB 2.1.2.120 - unnecessary
Bonjour Apple Inc. 17.10.2010 1,10MB 2.0.3.0 - unnecessary
BullGuard 8.7 BullGuard Ltd. 23.12.2009 8.7 - unnecessary
CCleaner Piriform 22.11.2010 3.00 - necessary
Cisco AnyConnect VPN Client Cisco Systems, Inc. 09.09.2010 3,93MB 2.4.1012 - unknown
Cisco EAP-FAST Module Cisco Systems, Inc. 28.09.2009 1,15MB 2.2.14 - unknown
Cisco LEAP Module Cisco Systems, Inc. 28.09.2009 0,48MB 1.0.19 - unknown
Cisco PEAP Module Cisco Systems, Inc. 28.09.2009 0,90MB 1.1.6 - unknown
Compatibility Pack für 2007 Office System Microsoft Corporation 09.11.2010 131,2MB 12.0.6425.1000 - necessary
CyberLink LabelPrint CyberLink Corp. 29.09.2009 143,0MB 2.5.1927 - unknown
CyberLink MediaShow CyberLink Corp. 29.09.2009 185,8MB 4.1.3121 - unknown
CyberLink PhotoNow CyberLink Corp. 29.09.2009 21,8MB 1.1.6622 - unknown
CyberLink Power2Go CyberLink Corp. 29.09.2009 104,4MB 6.1.3213 - unknown
CyberLink PowerDirector CyberLink Corp. 29.09.2009 324MB 7.0.3003 - unknown
CyberLink PowerDVD 9 CyberLink Corp. 29.09.2009 160,1MB 9.0.2010 - necessary
CyberLink PowerDVD Copy CyberLink Corp. 23.12.2009 1.0.6720 - necessary
CyberLink PowerProducer CyberLink Corp. 29.09.2009 168,1MB 5.0.2.2124 - unknown
CyberLink YouCam CyberLink Corp. 29.09.2009 129,0MB 3.0.2104 - unknown
e-Wörterbücher 23.12.2009 - unnecessary
Firebird SQL Server - MAGIX Edition MAGIX AG 28.09.2009 10,1MB 2.1.23.0 - unknown
Firefox 3.6 WEB.DE Edition WEB.DE 24.01.2010 - necessary
Google Chrome Google Inc. 22.11.2010 7.0.517.44 - unknown
ICQ Toolbar ICQ 03.01.2010 3.0.0 - unnecessary
ICQ7.2 ICQ 27.10.2010 7.2 - necessary
Intel(R) Graphics Media Accelerator Driver Intel Corporation 23.12.2009 54,3MB 8.15.10.1883 - unknown
Intel(R) TV Wizard Intel Corporation 23.12.2009 - unknown
Intel® Matrix Storage Manager Intel Corporation 23.12.2009 - unknown
iTunes Apple Inc. 17.10.2010 138,7MB 10.0.1.22 - necessary
Java(TM) 6 Update 16 Sun Microsystems, Inc. 28.09.2009 97,7MB 6.0.160 - unknown
JMicron Ethernet Adapter NDIS Driver JMicron Technology Corp. 23.12.2009 6.0.10.5 - unknown
JMicron Flash Media Controller Driver JMicron Technology Corp. 23.12.2009 1.0.31.3 - unknown
MEDION Fotos auf CD & DVD SE Sued MAGIX AG 28.09.2009 8.0.3.4 - unknown
Medion Home Cinema CyberLink Corp. 29.09.2009 0,94MB 6.0.0000 - necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 - unknown
Microsoft Office Live Add-in 1.3 Microsoft Corporation 28.09.2009 0,48MB 2.0.2313.0 - unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.11.2010 102,1MB 12.0.6425.1000 - unknown
Microsoft Office Professional Plus 2010 Microsoft Corporation 09.09.2010 14.0.4763.1000 - unknown
Microsoft Silverlight Microsoft Corporation 01.10.2010 88,6MB 4.0.50917.0 - unknown
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 28.09.2009 0,33MB 3.1.0000 - unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.09.2009 1,72MB 3.1.0000 - unknown
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 28.09.2009 0,61MB 1.0.1215.0 - unknown
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 28.09.2009 1,45MB 1.0.1215.0 - unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.10.2009 0,25MB 8.0.50727.4053 - unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.09.2009 0,42MB 8.0.56336 - unknown
Microsoft Works Microsoft Corporation 22.08.2010 711MB 9.7.0621 - unknown
Mozilla Firefox (3.6.12) Mozilla 29.10.2010 3.6.12 (de) - necessary
Mozilla Thunderbird (3.0) Mozilla 03.01.2010 3.0 (de) - necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.10.2009 1,28MB 4.20.9870.0 - unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.01.2010 1,33MB 4.20.9876.0 - unknown
PDFCreator Frank Heindörfer, Philip Chinery 10.10.2010 1.0.2 - necessary
pdfforge Toolbar v4.1 Spigot, Inc. 20.11.2010 2,55MB 4.1 - unknown
QuickTime Apple Inc. 17.10.2010 73,7MB 7.68.75.0 - unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.09.2009 6.0.1.5936 - unknown
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 28.09.2009 1.00.0124 - unknown
Skype web features Skype Technologies S.A. 03.01.2010 4,32MB 1.0.3971 - unnecessary
Skype™ 4.2 Skype Technologies S.A. 22.07.2010 31,7MB 4.2.169 - unnecessary
Sophos Anti-Virus Sophos Plc 27.10.2010 16,2MB 7.6.20 - necessary
Sophos AutoUpdate Sophos Plc 02.06.2010 8,81MB 2.2.11 - necessary
Sophos Remote Management System Sophos Plc 02.06.2010 9,87MB 3.0.14 - necessary
Synaptics Pointing Device Driver Synaptics Incorporated 28.09.2009 14.0.0.3 - unknown
Theme Park GameFabrique 06.01.2010 - unnecessary
Theme Park World 29.12.2009 - unnecessary
WEB.DE Update WEB.DE 24.01.2010 - unknown
Windows Live Anmelde-Assistent Microsoft Corporation 28.09.2009 1,94MB 5.000.818.5 - unknown
Windows Live Essentials Microsoft Corporation 28.09.2009 14.0.8089.0726 - unknown
Windows Live Sync Microsoft Corporation 28.09.2009 2,79MB 14.0.8089.726 - unknown
Windows Live-Uploadtool Microsoft Corporation 28.09.2009 0,22MB 14.0.8014.1029 - unknown

Old 23.11.2010, 14:54   #14
markusg
/// Malware-holic

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Uninstall:
Activation Assistant for the 2007 Microsoft Office suites
Adobe Reader 9.3.2
Replace it with Adobe Reader 10:
Adobe - Download Adobe Reader - All versions
Install without the McAfee Security Scan; untick it on the page.
Open Adobe Reader, Edit, Preferences, JavaScript, remove the tick there; Internet, likewise remove all ticks.
That way PDFs are no longer loaded automatically and no malicious code can be slipped onto you this way any more.
Under General, tick "use only certified plug-ins".
Under Updater, set it to install.
Click Apply / OK.
Please also move the unnecessary plugins:
Start Adobe Reader faster
but keep:
EScript.api
Search.api
Updater.api
Spelling.api
The guide is for Adobe Reader 9, but it applies to 10 as well.

Uninstall:
ALDI Süd Foto Manager
ALDI Süd Foto Service MAGIX
Aldi Süd Fotoservice
ALDI Süd Online Druck Service
Bonjour
BullGuard
everything from Cisco
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerProducer
CyberLink YouCam
e-Wörterbücher
Firebird SQL Server
Firefox 3.6

Uninstall:
Google Chrome
ICQ Toolbar
ICQ7.2 should be replaced by the lean, ad-free multi-messenger Miranda.
Miranda Fusion
If you like Miranda, get rid of ICQ.
Java(TM) 6 Update 16
Replace with:
Download the free Java software
Click on "download JRE".
Uninstall further:
MEDION Fotos auf CD & DVD
Microsoft Silverlight
Microsoft Office is Word, Excel and so on; if not needed, remove it.
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition
pdfforge Toolbar
QuickTime
Skype web features
Skype™ 4.2
Theme Park GameFabrique
Theme Park World
WEB.DE Update
Windows Live Anmelde-Assistent
Windows Live Essentials
Windows Live Sync
Windows Live-Uploadtool

When you are done with that, clean files + registry with CCleaner.
Report how the PC is running.

Old 27.11.2010, 17:59   #15
andy.moe

Error in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming

Hey,
It took a while to uninstall everything, but now I'm done. The Internet runs at normal speed again. Thanks, really great

  17. Patched.DY.1 in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\tmpF.
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (5)

Zum Thema Fehler in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming - Hallo, Mein Internet läuft seit einigen Wochen immer langsamer und die letzte Überprüfung mit Sophos hat 2 Fehler bei den Zugriffen auf C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming\appconf32.exe und C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming\prapproxy32.exe entdeckt. - Fehler in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming...
Archiv
Du betrachtest: Fehler in C:\Dokumente und Einstellungen\Benutzer\AppData\Roaming auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.