Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Folgeprobleme von Malware (https://www.trojaner-board.de/89320-folgeprobleme-malware.html)

AngeDeDiable 09.08.2010 21:59
Folgeprobleme von Malware
 
Hallo Zusammen,

ich habe mir gestern wohl Maleware eingefangen gleich im Doppelpack.
-> Antimalware Doctor <-
-> Antivir Solution Por <-

Anfangs hatte ich damit zu kämpfen überhaupt irgend etwas zu machen da immer folgende Meldung kam:

" Ein kritischer Fehler ist aufgetreten. Windows wird in einer Minute neu gestartet. Speichern Sie die Daten"

Ich habe dann das System mit einer Boot CD gestartet wo Desinfec't drauf ist, da hab ich dann mit virensuche mit Desinfec't losgelegt. Nach einiger Zeit ist alles durchgelaufen. Es wurde auch was gefunden aber bei dem versuch in Quarantäne zu verschieben kam eine Fehlermeldung. Leider hab ich vergessen die Log-Datei zu speichern somit keine Infos für euch.

Dann bin ich auf dieses Forum gestoßen und habe dieses Thema durchgearbeitet: http://www.trojaner-board.de/83172-a...entfernen.html

Die Programme hab ich mir auf mein USB Stick gezogen und das System normal gestartet. Wenn ich keine Internetverbindung habe kommt die oben genannte Fehlermeldung von Windows nicht. Also Internet ab und die Programme nach der reihe laufen lassen. Bei Malewarebytes wurde auch einiges gefunden (log Datei im Anhang).

Nach dem ganzen habe ich Avira und Malewarebytes noch mal laufen lassen und es wurde nichts mehr gefunden. Und Antimalware Doctor, antivir Solution Pro starten auch nicht mehr.

So und hier jetz mein folge Problem:
Sobald ich das Internet anstecke kommt immer noch diese Fehlermeldung:
" Ein kritischer Fehler ist aufgetreten. Windows wird in einer Minute neu gestartet. Speichern Sie die Daten"

Wenn ich mich beim Anmelden unter dem Benutzer von meiner Freundin anmelden will kommt da wo normalerweise steht "Windows wird gestartet" (oder so ähnlihc) "...Abmelden" und bin gleich wieder da wo ich den Benutzer auswähle.

Könnt ihr mir weiterhelfen? Platt machen würde ich nur sehr sehr sehr ungerne da ich nur eine Vista 64bit Installations CD habe und ich befürchte das dann einige Programme die ich für die Arbeit brauche darauf nicht mehr laufen.

Vielen Dank schon mal!

cosinus 10.08.2010 09:58
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

AngeDeDiable 10.08.2010 12:46
Hallo Arne,

Danke für deine Hilfe.
Am Vormittag habe ich mit einem bekannten gesprochen der meinte Systemwiederherstellung machen da nur noch eine Datei in Avira angezeigt wurde
(C:\Windows\System32\drivers\qbixeby.sys

Das hatte ich jetzt gemacht. Nun kann ich wieder normal ins Internet ohne der Meldung vonwegen Windows wird herunter gefahren und Avira findet auch nichts mehr.

Jetzt habe ich gerade noch deinen Post gesehen und das auch noch gleich gemacht ich denke kann ja nie schaden.
Im Anhang die zwei Logfiles.


OTL.txt
[CODE]
OTL Logfile:
Code:
OTL logfile created on: 10.08.2010 13:33:37 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\AngeDeDiable\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,05 Gb Total Space | 30,32 Gb Free Space | 22,45% Space Free | Partition Type: NTFS
Drive D: | 12,04 Gb Total Space | 7,18 Gb Free Space | 59,63% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,73 Gb Free Space | 88,57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 14,89 Gb Total Space | 14,83 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: ANGEDEDIABLE-PC
Current User Name: AngeDeDiable
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\AngeDeDiable\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\UTSCSI.EXE ()
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Windows\SMINST\Scheduler.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\AngeDeDiable\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UTSCSI) -- C:\Windows\System32\UTSCSI.EXE ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TVersityMediaServer) -- C:\Users\AngeDeDiable\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (MSSQL$IMOS) SQL Server (IMOS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.3.0.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {1b8cc170-8c85-11db-b606-0800200c9a66}:3.3.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 23:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 23:10:10 | 000,000,000 | ---D | M]
 
[2009.09.04 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\AngeDeDiable\AppData\Roaming\mozilla\Extensions
[2010.08.08 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\AngeDeDiable\AppData\Roaming\mozilla\Firefox\Profiles\ubcxrprg.default\extensions
[2009.11.15 15:16:31 | 000,000,000 | ---D | M] (ShareThis) -- C:\Users\AngeDeDiable\AppData\Roaming\mozilla\Firefox\Profiles\ubcxrprg.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}
[2009.11.09 20:17:45 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\AngeDeDiable\AppData\Roaming\mozilla\Firefox\Profiles\ubcxrprg.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009.09.04 22:38:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\AngeDeDiable\AppData\Roaming\mozilla\Firefox\Profiles\ubcxrprg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.17 19:37:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.17 19:37:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.02.28 19:24:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.09 20:17:46 | 000,002,204 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.02.28 19:24:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.28 19:24:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.28 19:24:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.28 19:24:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MbWzdFPAP-EXL600] C:\Windows\System32\FPAP-EXL600\PdtGuide.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\AngeDeDiable\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AngeDeDiable\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\Shell\AutoRun\command - "" = I:\PdtStart.exe -- File not found
O33 - MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.10 13:31:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\AngeDeDiable\Desktop\OTL.exe
[2010.08.10 12:34:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.10 12:34:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.10 08:17:31 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.08.10 00:04:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.09 01:13:32 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Roaming\Avira
[2010.08.09 01:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira(1)
[2010.08.09 01:10:31 | 000,000,000 | ---D | C] -- C:\Programme\Avira(0)
[2010.08.08 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Roaming\Malwarebytes
[2010.08.08 23:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.08 22:07:18 | 000,000,000 | ---D | C] -- C:\.Trash-500
[2010.08.08 21:33:19 | 000,000,000 | ---D | C] -- C:\DesinfectLogs
[2010.08.08 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Local\rsdfmlmat
[2010.08.08 19:10:05 | 000,000,000 | -HSD | C] -- C:\Users\AngeDeDiable\AppData\Roaming\lowsec
[2010.08.08 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Roaming\A65CBF341FA096891D5DD98DB4456A3F
[2010.08.08 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\Desktop\Paul Kalkbrenner-Reworks2006
[2010.08.08 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\Desktop\Paul Kalkbrenner - Berlin Calling
[2010.08.02 21:24:54 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System\vdremote.dll
[2010.08.02 21:24:54 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System\vdsvrlnk.dll
[2010.07.30 20:59:30 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\Documents\Videoprojekte
[2010.07.30 20:58:00 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Roaming\FreeScreenToVideo
[2010.07.30 20:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Free Screen To Video
[2010.07.23 23:27:03 | 000,000,000 | ---D | C] -- C:\Programme\QS
[2010.07.23 22:50:28 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.07.23 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\Documents\AutoCAD-Tools
[2010.07.23 22:20:17 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\Documents\Anwendungen
[2010.07.21 19:33:35 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.07.21 19:32:56 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Local\Microsoft Help
[2010.07.21 19:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.07.21 19:32:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.10 13:34:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CCA8D50B-F3C8-4177-8E78-B20CEBC99C04}.job
[2010.08.10 13:32:40 | 003,407,872 | -HS- | M] () -- C:\Users\AngeDeDiable\ntuser.dat
[2010.08.10 13:31:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\AngeDeDiable\Desktop\OTL.exe
[2010.08.10 12:44:34 | 001,575,996 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.10 12:44:34 | 000,676,888 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.10 12:44:34 | 000,643,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.10 12:44:34 | 000,144,246 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.10 12:44:34 | 000,121,828 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.10 12:40:29 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD26FCD1-C73C-4683-9195-ED5C104DEBBF}.job
[2010.08.10 12:36:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 12:36:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 12:36:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.10 12:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.10 12:36:21 | 3488,968,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.10 12:35:33 | 000,524,288 | -HS- | M] () -- C:\Users\AngeDeDiable\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 12:35:33 | 000,065,536 | -HS- | M] () -- C:\Users\AngeDeDiable\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.08.10 12:35:22 | 004,424,753 | -H-- | M] () -- C:\Users\AngeDeDiable\AppData\Local\IconCache.db
[2010.08.05 18:50:05 | 000,000,501 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010.08.02 21:30:25 | 000,026,624 | ---- | M] () -- C:\Users\AngeDeDiable\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 00:39:53 | 000,062,558 | ---- | M] () -- C:\test.swf
[2010.07.31 00:39:13 | 000,000,666 | ---- | M] () -- C:\test.html
[2010.07.30 20:58:01 | 000,000,923 | ---- | M] () -- C:\Users\AngeDeDiable\Desktop\Free Screen To Video.lnk
[2010.07.29 23:53:30 | 000,116,564 | ---- | M] () -- C:\Users\AngeDeDiable\Documents\OTTO-Merkzettel.pdf
[2010.07.23 22:50:32 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.21 19:48:55 | 000,124,296 | ---- | M] () -- C:\Users\AngeDeDiable\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.21 19:46:28 | 000,412,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.07.31 00:39:53 | 000,062,558 | ---- | C] () -- C:\test.swf
[2010.07.31 00:39:13 | 000,000,666 | ---- | C] () -- C:\test.html
[2010.07.30 20:58:01 | 000,000,923 | ---- | C] () -- C:\Users\AngeDeDiable\Desktop\Free Screen To Video.lnk
[2010.07.29 23:53:29 | 000,116,564 | ---- | C] () -- C:\Users\AngeDeDiable\Documents\OTTO-Merkzettel.pdf
[2010.07.23 22:50:32 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.06.29 23:56:11 | 000,000,400 | ---- | C] () -- C:\Windows\g_iclink337.ini
[2010.03.07 12:56:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.03.07 12:56:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.09 20:16:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 20:16:35 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.10.30 20:42:25 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.10.30 20:42:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.10.30 20:41:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.28 21:34:07 | 000,000,110 | ---- | C] () -- C:\Windows\IOEMR17.INI
[2009.10.28 21:34:07 | 000,000,110 | ---- | C] () -- C:\Windows\System32\imoscam.INI
[2009.08.26 20:52:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.05.13 16:53:45 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2009.05.13 16:53:45 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll
[2009.05.13 16:53:45 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2009.05.13 16:53:45 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.05.09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.01.10 08:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
--- --- ---



Extras.Txt
[CODE]
OTL Logfile:
Code:
OTL Extras logfile created on: 10.08.2010 13:33:38 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\AngeDeDiable\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,05 Gb Total Space | 30,32 Gb Free Space | 22,45% Space Free | Partition Type: NTFS
Drive D: | 12,04 Gb Total Space | 7,18 Gb Free Space | 59,63% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,73 Gb Free Space | 88,57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 14,89 Gb Total Space | 14,83 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: ANGEDEDIABLE-PC
Current User Name: AngeDeDiable
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = imosActScriptFile] -- "%windir%\system32\notepad.exe" "%1"
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\AngeDeDiable\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27D6D1E0-9176-43DD-A6CC-B372BBB25FF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C483E7D-90ED-4B2F-A58A-A33AA606B5A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E2676A6-1E5D-4061-ABE8-0628C9168702}" = lport=2869 | protocol=6 | dir=in | app=system |
"{461A1B19-2B60-483A-BE41-319136D7D672}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E375748-A2A3-4770-88DE-7BD87118E7E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6762DFB9-9028-4C04-BB35-907EC3D8EE3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{69BDA49B-4408-4EEA-8811-ECC9EA5430C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D30EBF9-CC8F-40D0-9E43-05EC292BC272}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB51B3AC-0C8E-4931-8496-528091EF8DB1}" = lport=41952 | protocol=6 | dir=in | name=medienserver |
"{BC907BB8-C96F-4431-B85E-365B6C1334D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C463E8BA-A415-41CC-BCAB-EB24232BA9B0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CCC47A7E-D690-427A-BC63-0A2EDD60E45A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0A79390-FFFA-4446-A2FE-318CA30EC3F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0B987E7-A910-41E9-BB40-405C2FD0ECA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0EB68B4-3AD7-44D9-B51E-9977E50BF7CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4781EC6-FFBF-4284-82ED-7BD159B64B9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD608E85-DE38-4DC5-9F93-A5A3487703AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E432693D-9C03-4B86-BDD5-2188813B6C36}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9A09998-3A77-44D2-A5FC-4D3718BE8BD7}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBF413DD-0655-488D-9029-70C009052627}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FE0A8E97-9ACB-45CF-B6C3-13D2C3A53BF3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06485A1C-200A-41E7-BE94-60208D2CFB60}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{19419217-31E0-40AA-A8E7-FD333ED8B86E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1D2A5A10-0181-4E51-9B45-5D4CB789BC06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{224CF96F-5B4C-44E1-870E-F0AE0CA62CC8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{266F571F-BCDB-48A4-8DB1-2D9E5800007F}" = protocol=6 | dir=in | app=c:\users\angedediable\appdata\local\tversity\media server\mediaserver.exe |
"{27FC06A5-76D5-4C9E-AA83-E24953A484D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3BE6027E-645E-4F7A-BE70-73D580DC63B6}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{41C4710B-4C05-4EC6-824A-5580DA3D25C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{435E13F1-E6E6-4B32-A2C6-1DC7C08B34D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FCAA873-C43F-46F6-A8C6-C6791B368F77}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5228A141-D092-4690-BF23-1A20CF115532}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{649ED429-88E8-4278-8D46-617DCEF279F9}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{669C8D65-D622-4800-90FC-9E343992999D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{68EC42C4-832F-405E-923E-B2243E171EAA}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{6AAC27C9-D887-4BC0-BCC8-E990AE42BB97}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6FBB7AB8-783B-4EF2-B701-299905A946B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E82D6AB-EDA6-499E-979E-5C307F6D2F28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9A0F0201-0F10-4085-89E7-A5C3BDB8344B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D062237-FB84-4802-9A84-8CF08745ABF1}" = protocol=17 | dir=in | app=c:\users\angedediable\appdata\local\tversity\media server\mediaserver.exe |
"{BF70814A-C1B8-4469-B8B5-78F418451967}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C0BEAFB1-334D-4797-807D-BEBEAE0DE3AB}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{C4BED522-206C-4DD4-9B48-4F24DA9977CA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CC15708B-76D4-4114-A6DF-07F603A24BC2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{D63EAD06-22BC-40A7-B7EF-6FEC665C4020}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9944AE9-F4AC-456D-94AD-BAA9375E50F2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E134FF62-F8C2-4E58-B439-985FBEA1C216}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDEF626B-FB23-41C4-B958-4095CA681565}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{F29FB3DF-D8EF-45A9-A022-099BB0273C87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FAD5BA17-5B5A-4C04-96F2-12540F7E3530}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{FB727D74-464C-411A-B17C-AC4CBEB1760A}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"TCP Query User{01184BAD-5B0D-4679-B7F6-77B0C467CF96}C:\hettich_katalog\catalogue\java\bin\java.exe" = protocol=6 | dir=in | app=c:\hettich_katalog\catalogue\java\bin\java.exe |
"TCP Query User{1F4EAA61-7103-4D2F-B141-AE1A1DBAAD50}C:\imos\bin\imos.exe" = protocol=6 | dir=in | app=c:\imos\bin\imos.exe |
"TCP Query User{3709324A-34E5-4B1E-8703-B660AEA5190D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4B611BF9-6510-4137-861D-52E86AF1A108}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{51D6B452-7A12-4FDD-983C-852E1363C165}C:\imos\bin\imos.exe" = protocol=6 | dir=in | app=c:\imos\bin\imos.exe |
"TCP Query User{764A3DA8-477F-4FBF-BE23-328B27314444}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7680DD9A-2D3A-45AD-8BA7-E69327729E71}C:\users\angedediable\appdata\local\temp\rar$ex00.943\ftpserver.exe" = protocol=6 | dir=in | app=c:\users\angedediable\appdata\local\temp\rar$ex00.943\ftpserver.exe |
"TCP Query User{91647369-B0D5-4DC6-B6EC-E4A753838D57}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9AB0E968-6404-4B46-8460-BA23A1DDE181}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{D3A74659-3C60-4E42-AB04-08B7CAF5AEFC}C:\program files\provendis software\pv planer 3.1\pvplaner.exe" = protocol=6 | dir=in | app=c:\program files\provendis software\pv planer 3.1\pvplaner.exe |
"TCP Query User{DACDA820-A906-4751-A3F2-CF213F883F8C}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{04330216-ACF3-49B5-89BD-EBE1E8816C46}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{1BAB12B2-A51F-421D-9008-03EC8C22158B}C:\hettich_katalog\catalogue\java\bin\java.exe" = protocol=17 | dir=in | app=c:\hettich_katalog\catalogue\java\bin\java.exe |
"UDP Query User{35FCFA5B-F3EC-45A0-98AF-4E9E3A0878F3}C:\imos\bin\imos.exe" = protocol=17 | dir=in | app=c:\imos\bin\imos.exe |
"UDP Query User{52F56F5D-EA8C-44E1-A744-B5B62F1E2966}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{75F3040C-3E98-4B99-BDE2-DE4C69CBB781}C:\users\angedediable\appdata\local\temp\rar$ex00.943\ftpserver.exe" = protocol=17 | dir=in | app=c:\users\angedediable\appdata\local\temp\rar$ex00.943\ftpserver.exe |
"UDP Query User{8AAF6FCF-3D0F-4F5B-84D3-03033D58A23B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9B310CD4-60CE-4D27-889A-F7E572267BF5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AA95E0B6-A441-4F52-89C2-648E4ECD3270}C:\imos\bin\imos.exe" = protocol=17 | dir=in | app=c:\imos\bin\imos.exe |
"UDP Query User{B7517FD7-F052-494C-A131-1B3E3B9D4A9F}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{C6EEE245-E787-49BD-A490-FAB95B9C6468}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CEA24F36-D7F4-48A6-83F8-97F3D1386371}C:\program files\provendis software\pv planer 3.1\pvplaner.exe" = protocol=17 | dir=in | app=c:\program files\provendis software\pv planer 3.1\pvplaner.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01107B22-152B-40D7-8CC5-51A7C866B26F}" = Hettich Katalog imos 9.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (IMOS)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-0407-B5BA-6A771885F379}" = Backburner
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}" = FRITZBox Anrufmonitor
"{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}" = LightScribe Template Designs - Music Pack 1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74747EF3-657F-409F-8ABE-A5DC9FC3492B}" = imos 9.0 OEM SR1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 Testversion
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C2725D84-AF44-4EA7-AD2F-3C2BF484F540}" = HP Performance Tuning Framework
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}" = LightScribe Template Designs - Quick and Simple Pack 1
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E86AA946-5CE2-4C21-B660-D2C186B6FDB3}" = Broadcom Management Programs
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82E9B29-EE4B-418F-9CA4-A70DA610553D}" = LightScribe Template Designs - Street Style Pack 1
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Casino.com" = Casino.com
"CINEMA 4D Release 10" = CINEMA 4D Release 10
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DeskProto 5.0 Trial_is1" = DeskProto 5.0 Trial
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"ffdshow" = ffdshow (remove only)
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"fpdfwatermark" = FreePDF XP Watermarker
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"FreePDF_XP" = FreePDF (Remove only)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Autodesk AutoCAD 2009 Performance Driver" = NVIDIA Performance Driver for Autodesk AutoCAD 2009
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Complete" = PDF Complete
"Provendis MerkFixx" = Provendis MerkFixx
"Provendis Planer 3.1" = PV Planer 3.1
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamViewer 5" = TeamViewer 5
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MANSION Casino" = MansionCasino
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.08.2010 02:07:10 | Computer Name = AngeDeDiable-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10.08.2010 02:08:28 | Computer Name = AngeDeDiable-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.08.2010 02:17:23 | Computer Name = AngeDeDiable-PC | Source = VSS | ID = 12289
Description =
 
Error - 10.08.2010 02:17:26 | Computer Name = AngeDeDiable-PC | Source = VSS | ID = 12289
Description =
 
Error - 10.08.2010 02:17:26 | Computer Name = AngeDeDiable-PC | Source = VSS | ID = 12289
Description =
 
Error - 10.08.2010 02:17:32 | Computer Name = AngeDeDiable-PC | Source = VSS | ID = 12289
Description =
 
Error - 10.08.2010 06:33:00 | Computer Name = AngeDeDiable-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei AVPREF.DLL konnte nicht geladen werden.  Fehlercode: 0x45a
 
Error - 10.08.2010 06:33:01 | Computer Name = AngeDeDiable-PC | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.
 
Error - 10.08.2010 06:33:03 | Computer Name = AngeDeDiable-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10.08.2010 06:34:11 | Computer Name = AngeDeDiable-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 06.02.2010 13:04:03 | Computer Name = AngeDeDiable-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 06.02.2010 13:05:10 | Computer Name = AngeDeDiable-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 07.02.2010 01:32:25 | Computer Name = AngeDeDiable-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 07.02.2010 01:32:37 | Computer Name = AngeDeDiable-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 07.02.2010 01:33:49 | Computer Name = AngeDeDiable-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 15.02.2010 09:47:09 | Computer Name = AngeDeDiable-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 15.02.2010 09:47:25 | Computer Name = AngeDeDiable-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 15.02.2010 09:47:50 | Computer Name = AngeDeDiable-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.02.2010 03:52:58 | Computer Name = AngeDeDiable-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 17.02.2010 03:53:22 | Computer Name = AngeDeDiable-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

cosinus 10.08.2010 19:55
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O33 - MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\Shell\AutoRun\command - "" = I:\PdtStart.exe -- File not found
O33 - MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\Shell - "" = AutoRun
O33 - MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
[2010.08.08 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Local\rsdfmlmat
[2010.08.08 19:10:05 | 000,000,000 | -HSD | C] -- C:\Users\AngeDeDiable\AppData\Roaming\lowsec
[2010.08.08 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\AngeDeDiable\AppData\Roaming\A65CBF341FA096891D5DD98DB4456A3F
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

AngeDeDiable 11.08.2010 20:35
Hallo Arne,

hier die das Logfile

Code:
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3239cac8-93ef-11de-860c-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3239cac8-93ef-11de-860c-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3239cac8-93ef-11de-860c-001f29014938}\ not found.
File I:\PdtStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b50889d-c165-11de-bbee-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b50889d-c165-11de-bbee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b50889d-c165-11de-bbee-806e6f6e6963}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088cc-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088cc-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088cc-c165-11de-bbee-001f29014938}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088ce-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088ce-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088ce-c165-11de-bbee-001f29014938}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088d0-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b5088d0-c165-11de-bbee-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b5088d0-c165-11de-bbee-001f29014938}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cbef484-bfea-11de-9eaa-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cbef484-bfea-11de-9eaa-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cbef484-bfea-11de-9eaa-001f29014938}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc184548-44d1-11df-a6e7-001f29014938}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc184548-44d1-11df-a6e7-001f29014938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc184548-44d1-11df-a6e7-001f29014938}\ not found.
File H:\setup_vmc_lite.exe not found.
C:\Users\AngeDeDiable\AppData\Local\rsdfmlmat folder moved successfully.
C:\Users\AngeDeDiable\AppData\Roaming\lowsec folder moved successfully.
C:\Users\AngeDeDiable\AppData\Roaming\A65CBF341FA096891D5DD98DB4456A3F folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]

cosinus 11.08.2010 21:16
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

AngeDeDiable 11.08.2010 22:32
hallo Arne,

habe alles wie beschrieben ausgeführt, hier das Logfile

Code:
ComboFix 10-08-11.04 - AngeDeDiable 11.08.2010  23:15:49.1.4 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3326.2225 [GMT 2:00]
ausgeführt von:: c:\users\AngeDeDiable\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


(((((((((((((((((((((((  Dateien erstellt von 2010-07-11 bis 2010-08-11  ))))))))))))))))))))))))))))))
.

2010-08-11 21:06 . 2010-08-11 21:06        --------        d-----w-        c:\program files\CCleaner
2010-08-11 19:16 . 2010-08-11 19:16        --------        d-----w-        C:\_OTL
2010-08-10 10:34 . 2009-05-11 10:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-08-10 10:34 . 2009-05-11 10:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-08-10 06:17 . 2010-08-10 06:17        --------        d-----w-        C:\avrescue
2010-08-09 22:04 . 2010-08-09 22:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-08 23:13 . 2010-08-08 23:13        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\Avira
2010-08-08 23:10 . 2010-08-08 23:10        --------        d-----w-        c:\programdata\Avira(1)
2010-08-08 23:10 . 2010-08-08 23:10        --------        d-----w-        c:\program files\Avira(0)
2010-08-08 21:57 . 2010-08-08 21:57        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\Malwarebytes
2010-08-08 21:57 . 2010-08-08 21:57        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-08 20:07 . 2010-08-08 20:13        --------        d---a-w-        C:\.Trash-500
2010-08-08 19:33 . 2010-08-08 19:33        --------        d---a-w-        C:\DesinfectLogs
2010-08-02 19:24 . 2010-04-09 12:35        73728        ----a-w-        c:\windows\system\vdremote.dll
2010-08-02 19:24 . 2010-04-09 12:34        65536        ----a-w-        c:\windows\system\vdsvrlnk.dll
2010-07-30 18:58 . 2010-07-30 19:11        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\FreeScreenToVideo
2010-07-30 18:58 . 2010-07-30 18:58        --------        d-----w-        c:\program files\Free Screen To Video
2010-07-23 21:27 . 2010-07-23 21:27        --------        d-----w-        c:\program files\QS
2010-07-23 20:50 . 2010-07-23 20:50        --------        d-----w-        c:\program files\TeamViewer
2010-07-22 19:36 . 2010-08-10 17:38        --------        d-----w-        c:\users\PearlWhip\AppData\Local\Microsoft Help
2010-07-21 17:33 . 2010-07-21 17:33        --------        d-----w-        c:\program files\Microsoft Analysis Services
2010-07-21 17:32 . 2010-07-21 17:32        --------        d-----w-        c:\users\AngeDeDiable\AppData\Local\Microsoft Help
2010-07-21 17:32 . 2010-07-22 01:00        --------        d-----w-        c:\programdata\Microsoft Help
2010-07-21 17:32 . 2010-07-21 17:32        --------        d-----r-        C:\MSOCache

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 19:23 . 2009-05-14 00:20        676888        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-11 19:23 . 2009-05-14 00:20        144246        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-11 07:44 . 2010-02-17 17:38        --------        d-----w-        c:\users\PearlWhip\AppData\Roaming\Skype
2010-08-11 07:16 . 2010-02-17 17:43        --------        d-----w-        c:\users\PearlWhip\AppData\Roaming\skypePM
2010-08-10 16:56 . 2010-07-03 19:25        680        ----a-w-        c:\users\PearlWhip\AppData\Local\d3d9caps.dat
2010-08-10 11:31 . 2009-11-18 20:14        --------        d-----w-        c:\programdata\Ulead Systems
2010-08-10 11:31 . 2009-11-11 21:17        --------        d-----w-        c:\program files\GmoteServer
2010-08-10 11:31 . 2009-11-09 18:16        --------        d-----w-        c:\program files\TVersity Codec Pack
2010-08-10 11:30 . 2009-12-26 18:47        --------        d-----w-        c:\programdata\Avira
2010-08-10 11:30 . 2009-12-26 18:47        --------        d-----w-        c:\program files\Avira
2010-08-09 04:05 . 2009-11-11 21:17        --------        d--h--w-        c:\program files\InstallJammer Registry
2010-08-02 22:05 . 2010-02-18 11:47        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\Skype
2010-08-02 22:05 . 2010-02-21 16:32        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\skypePM
2010-07-23 20:54 . 2009-11-15 13:27        --------        d-----w-        c:\users\AngeDeDiable\AppData\Roaming\TeamViewer
2010-07-21 17:50 . 2009-10-30 23:24        124296        ----a-w-        c:\users\PearlWhip\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 17:48 . 2009-08-24 19:44        124296        ----a-w-        c:\users\AngeDeDiable\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 17:35 . 2009-10-28 19:35        --------        d-----w-        c:\program files\Microsoft.NET
2010-07-14 06:49 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-07-07 19:17 . 2010-07-07 19:17        0        ---ha-w-        c:\windows\msds.dat
2010-07-07 19:17 . 2010-07-07 19:17        --------        d-----w-        c:\program files\DeskProto 5.0 Trial
2010-06-29 21:56 . 2010-06-29 21:56        400        ----a-w-        c:\windows\system32\drivers\eaxext_244.set
2010-06-29 21:56 . 2010-06-29 21:56        400        ----a-w-        c:\windows\system32\drivers\bcompbg792.dat
2010-06-29 21:56 . 2010-06-29 21:55        --------        d-----w-        c:\program files\Rhinoceros 4.0
2010-06-29 21:55 . 2010-06-29 21:55        --------        d-----w-        c:\program files\Common Files\McNeel Shared
2010-06-29 21:55 . 2010-06-29 21:55        --------        d-----w-        c:\programdata\McNeel
2010-06-15 17:02 . 2010-06-15 17:02        680        ----a-w-        c:\users\AngeDeDiable\AppData\Local\d3d9caps.dat
2010-06-14 17:53 . 2010-06-14 17:53        --------        d-----w-        c:\program files\Common Files\Skype
2010-05-26 17:06 . 2010-06-10 19:38        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 19:38        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-30 20:50        221568        ------w-        c:\windows\system32\MpSigStub.exe
2009-09-25 16:41 . 2009-09-25 16:41        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-14 00:25 . 2009-05-14 00:25        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20        561552        ----a-w-        c:\progra~1\MICROS~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 02:08        599552        ----a-w-        c:\windows\System32\FPAP-EXL600\FileptcIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-14 318488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-11 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-11 92704]
"nwiz"="nwiz.exe" [2008-09-10 1657376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208]
"MbWzdFPAP-EXL600"="c:\windows\system32\FPAP-EXL600\PdtGuide.exe" [2007-12-05 1030656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-08-06 381440]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-22 44168]

c:\users\PearlWhip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,ae,54,72,3b,87,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-05-14 25728]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 MSSQL$IMOS;SQL Server (IMOS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-09-10 3653632]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-14 576024]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-17 180736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 11:09        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{CCA8D50B-F3C8-4177-8E78-B20CEBC99C04}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]

2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{FD26FCD1-C73C-4683-9195-ED5C104DEBBF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\AngeDeDiable\AppData\Roaming\Mozilla\Firefox\Profiles\ubcxrprg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\AngeDeDiable\AppData\Roaming\Mozilla\Firefox\Profiles\ubcxrprg.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
.
------- Dateityp-Verknüpfung -------
.
.scr=imosActScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NVIDIA Autodesk AutoCAD 2009 Performance Driver - c:\program files\AutoCAD 2009\drv\nvunin.exe ACAD NVIDIA Autodesk AutoCAD 2009 Performance Driver Software\Autodesk\AutoCAD\R17.2\ACAD-7001:407\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-11 23:22
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2220)
c:\windows\System32\FPAP-EXL600\FileptcIconOverlay.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\scheduler.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-11  23:25:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-11 21:25

Vor Suchlauf: 15 Verzeichnis(se), 36.760.342.528 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 36.540.514.304 Bytes frei

- - End Of File - - FA26AD2D461D2BC4091217D30C3FBC9C

Gruß Mathias

cosinus 12.08.2010 08:53
Zitat:
C:\.Trash-500
Kennst Du diesen Ordner?

Bitte Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

AngeDeDiable 13.08.2010 22:09
Liste der Anhänge anzeigen (Anzahl: 1)
Hi,

den Ordner kenne ich so nicht. Ich habe ihn jetzt zum ersten mal gesehen weil du es geschrieben hattest.

Habe alles so ausgeführt wie beschrieben.
Bei GMER weiß ich nicht genau ob der jetzt fertig war oder nicht. Er hat dann nichts mehr gescannt aber vonwegen er sei fertig ist auch nichts gekommen.
Hier das Logfiel

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-13 22:48:59
Windows 6.0.6002 Service Pack 2
Running: ex4s45wh.exe; Driver: C:\Users\ANGEDE~1\AppData\Local\Temp\fwxirpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8EC00320, 0x3E05F7, 0xE8000020]
.text                                                                                                                                C:\Windows\system32\drivers\hardlock.sys  section is writeable [0x9FE0D400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9FEB1620]  C:\Windows\system32\drivers\hardlock.sys  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9FEB1620]
.protectÿÿÿÿhardlockunknown last code section [0x9FEB1400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys  unknown last code section [0x9FEB1400, 0x5126, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk                                                                                                                                  \Device\Harddisk0\DR0                    sector 02: copy of MBR

---- EOF - GMER 1.0.15 ----

OSAM habe so durchgemacht wie bei dem Post beschrieben bis zu Punkt 10 (Logfile posten)

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:58:23 on 13.08.2010

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\Windows\system32\javacpl.cpl
"nView.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nView.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"fwxirpog" (fwxirpog) - ? - C:\Users\ANGEDE~1\AppData\Local\Temp\fwxirpog.sys  (Hidden registry entry, rootkit activity | File not found)
"PdaNet Modem" (pnetmdm) - "June Fabrics Technology" - C:\Windows\System32\DRIVERS\pnetmdm.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Windows\System32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Windows\System32\nvshell.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Windows\System32\nvshell.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\AngeDeDiable\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MbWzdFPAP-EXL600" - ? - C:\Windows\system32\FPAP-EXL600\PdtGuide.exe
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UVS10 Preload" - "Ulead Systems, Inc." - C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"ST Recovery Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"PDFC" - "PDF Complete, Inc." - C:\Windows\system32\pdfc_port.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"CLCV0" (UTSCSI) - ? - C:\Windows\system32\UTSCSI.EXE
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Performance Driver Service" (NVIDIA Performance Driver Service) - ? - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SQL Server (IMOS)" (MSSQL$IMOS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Bei der remover.exe hat er glaub ich garnichts gemacht.
Ich habe es als Admin gestartet kam kurz ein fenster und das wars im Anhang ein screenshot.

Gruß Mathias

cosinus 14.08.2010 17:06
Das sieht ok aus. Was ist in diesem Trash500 Ordner drin?

AngeDeDiable 14.08.2010 21:12
Nur 3 leere Unterordner
expunged
files
info

cosinus 15.08.2010 00:00
Dann benenn ihn erstmal nur um und trash500.bak oder so.

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

AngeDeDiable 15.08.2010 20:03
Log Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4432

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.08.2010 16:26:39
mbam-log-2010-08-15 (16-26-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 361618
Laufzeit: 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Casino\MansionCasino\_SetupMANSIONCasino_2bc6d5.exe (Adware.Casino) -> Quarantined and deleted successfully.
Log SASW
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/15/2010 at 06:46 PM

Application Version : 4.41.1000

Core Rules Database Version : 5359
Trace Rules Database Version: 3171

Scan type      : Complete Scan
Total Scan Time : 01:20:02

Memory items scanned      : 729
Memory threats detected  : 0
Registry items scanned    : 9769
Registry threats detected : 0
File items scanned        : 223204
File threats detected    : 1

Adware.Vundo/Variant-X32[Header]
        C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\UDF\FREEADHOCUDF_BORC5_32.DLL
Gruß Mathias

cosinus 15.08.2010 20:15
Sieht ok aus. Der Fund in Firebird sieht nach einem Fehlalarm aus.
Noch weitere Probleme oder Funde?

AngeDeDiable 15.08.2010 20:19
Nur noch Mansion Casino aber das denke ich ist auch Fehlalarm das ist ja nur das OnlineCasino.
Sonst läuft alles ohne Probleme.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:48 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19