Delete TR/Vundo.gen

#0
29.01.2007, 19:59
Member
Posts: 19

30.01.2007, 01:32
Honorary member
Posts: 29434
#2
Tinwian
Avenger http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote:
Registry values to delete:
Click the green traffic light. The script will now be executed, and then the PC will restart automatically.
__________
Regards, Sabina
All about PC security

30.01.2007, 18:22
Member
Thread starter
Posts: 19
#3
Well, I don't know whether the log file is still needed, but I'll post it anyway:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ngfyvjtm
*******************
Script file located at: \??\E:\WINDOWS\qsfkncvd.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at E:\Avenger
*******************
Beginning to process script file:
File E:\WINDOWS\system32\ddccayw.dll deleted successfully.
File E:\WINDOWS\system32\winxtx32.dll not found!
Deletion of file E:\WINDOWS\system32\winxtx32.dll failed!
Could not process line:
E:\WINDOWS\system32\winxtx32.dll
Status: 0xc0000034
Could not delete registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
Deletion of registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C1B4DEC2-2623-438e-9CA2-C9043AB28508} failed!
Status: 0xc0000034
Registry value HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{C505F4FA-0AFD-4E83-B73E-5084E813154A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccayw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B4DEC2-2623-438e-9CA2-C9043AB28508} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B4DEC2-2623-438e-9CA2-C9043AB28508} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C505F4FA-0AFD-4E83-B73E-5084E813154A} deleted successfully.
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C505F4FA-0AFD-4E83-B73E-5084E813154A} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C505F4FA-0AFD-4E83-B73E-5084E813154A} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
I ran a scan with AntiVir and nothing came up. So thanks a lot for the help and effort.
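
Added example, not part of the original posts and not code from The Avenger: a Python triage of an Avenger log like the one above. It separates objects that were removed from "failed" deletions whose status 0xc0000034 (NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND) only means the target did not exist, and flags "not found" results whose registry path could never have matched. The sample lines are excerpted from the log in this thread; the function names and verdict labels are assumptions of this example.

```python
import re

# NTSTATUS values from Microsoft's ntstatus.h.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
NOT_FOUND = {0xC0000034, 0xC000003A}

# Top-level subkeys of HKEY_LOCAL_MACHINE on Windows XP. A path that does not
# start under one of them cannot exist, so "not found" proves nothing about it.
HKLM_ROOTS = {"hardware", "sam", "security", "software", "system"}

DELETED = re.compile(r"^(File|Registry value|Registry key) (.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of (file|registry value|registry key) (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
HKLM = re.compile(r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\([^\\|]+)", re.IGNORECASE)

# Excerpt of the Avenger log posted in this thread, one entry per line.
SAMPLE = r"""
File E:\WINDOWS\system32\ddccayw.dll deleted successfully.
File E:\WINDOWS\system32\winxtx32.dll not found!
Deletion of file E:\WINDOWS\system32\winxtx32.dll failed!
Could not process line:
E:\WINDOWS\system32\winxtx32.dll
Status: 0xc0000034
Could not delete registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
Deletion of registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C1B4DEC2-2623-438e-9CA2-C9043AB28508} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccayw deleted successfully.
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C505F4FA-0AFD-4E83-B73E-5084E813154A} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C505F4FA-0AFD-4E83-B73E-5084E813154A} failed!
Status: 0xc0000034
"""


def malformed_hklm_path(kind, target):
    """True if a registry target names an HKLM subkey that cannot exist."""
    if kind == "file":
        return False
    m = HKLM.match(target)
    return bool(m) and m.group(1).lower() not in HKLM_ROOTS


def triage(log_text):
    """Return (verdict, kind, target, status_name) for every deletion result.

    Verdicts: removed      - the tool deleted the object
              absent       - deletion failed only because the object did not exist
              recheck-path - "not found", but the script path itself is malformed
              not-removed  - any other failure status; the object may remain
              no-status    - a failure line without a following Status line
    """
    results, pending = [], None

    def flush():
        nonlocal pending
        if pending:
            results.append(("no-status", *pending, None))
        pending = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DELETED.match(line):
            flush()
            results.append(("removed", m.group(1).lower(), m.group(2), None))
        elif m := FAILED.match(line):
            flush()
            pending = (m.group(1), m.group(2))
        elif (m := STATUS.match(line)) and pending:
            code = int(m.group(1), 16)
            kind, target = pending
            if code not in NOT_FOUND:
                verdict = "not-removed"
            elif malformed_hklm_path(kind, target):
                verdict = "recheck-path"
            else:
                verdict = "absent"
            name = NTSTATUS.get(code, f"unknown ({m.group(1)})")
            results.append((verdict, kind, target, name))
            pending = None
    flush()
    return results


if __name__ == "__main__":
    for verdict, kind, target, status in triage(SAMPLE):
        print(f"{verdict:13} {kind:15} {status or '-':30} {target}")
```

On the sample, the Browser Helper Objects line comes out as `recheck-path`: the script path starts at `HKLM\Microsoft\...` rather than `HKLM\SOFTWARE\Microsoft\...`, so that entry should be checked by hand instead of being read as already gone.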

19.10.2009, 10:21
...new here
Posts: 9
#4
Hello, I have the same problem. Can someone please help me?

19.10.2009, 11:41
Moderator
Posts: 5694
#5
>>
Since some programs and anti-spyware programs may get in our way during the cleanup (e.g. through permanently running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software.
Code:
Ask Toolbar
Let me know if a program cannot be uninstalled. Once the cleanup is finished, we can look at which of them you can/should reinstall.

>> Delete files
Go into Windows safe mode (please be sure to click & read the link!).
While the computer is booting, keep pressing [F8] (on Win XP) until you get a selection menu. Choose here: Safe Mode with Networking
Then delete the following folder in Explorer:
C:\Programme\AskSearch

>> Now please first work through the link in my signature.

20.10.2009, 10:22
...new here
Posts: 9
#6
OK, thanks a lot for now.
The software has been uninstalled and the folder has been deleted in safe mode. My problem is that AntiVir reports the following virus when I try to synchronize with our server: TR/Vundo.Gen
I have now run Malwarebytes over it, with the following report:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2996
Windows 5.1.2600 Service Pack 3
20.10.2009 08:47:13
mbam-log-2009-10-20 (08-47-13).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 153717
Laufzeit: 6 minute(s), 10 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

So it seems to have found nothing. I'll continue with Gmer now and then report back.

20.10.2009, 14:42
...new here
Posts: 9
#7
So, I have now tried twice to run Gmer, but it crashes with a blue screen after about 1.5 h. What else can I do? Thanks in advance.

20.10.2009, 18:16
...new here
Posts: 9
#8
I have now done it with HijackThis; this is what comes up:
This post was edited on 20.10.2009 at 18:19 by DCR911.

20.10.2009, 18:43
Moderator
Posts: 5694
#9
>>
Download: HostsXpert.zip
http://www.funkytoad.com/download/HostsXpert.zip
Start it.
Click: 'Restore MS Hosts File' - and click 'OK'
Exit Program.

>> Rootkit scan with RootRepeal
• Go here, scroll down and download RootRepeal.zip.
• Unpack the file to your desktop.
• Double-click RootRepeal.exe to start the scanner.
• Click the Report tab and then the Scan button.
• Tick the following items and click Ok:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
• Afterwards you will be asked which drives should be scanned.
• Select C:\ and click Ok again.
• The scan starts automatically; it will take a while, so please be patient.
• When the scan has finished, click Save Report.
• Save the log file as RootRepeal.txt on the desktop.
• Copy the content here into the thread.

Now post the log file.
|
|
||
20.10.2009, 19:22
...new here
Posts: 9 |
#10
All right.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/20 18:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xA9AA3000 Size: 851968 File Visible: No Signed: - Status: -
Name: PCI_PNP2058 Image Path: \Driver\PCI_PNP2058 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0x9E48E000 Size: 49152 File Visible: No Signed: - Status: -
Name: sphe.sys Image Path: sphe.sys Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: - Status: -
Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: C:\ADSM_PData_0150 Status: Invisible to the Windows API!
Path: \\?\C:\ADSM_PData_0150\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\ADSM_PData_0150\DB Status: Invisible to the Windows API!
Path: C:\ADSM_PData_0150\DragWait.exe Status: Invisible to the Windows API!
Path: C:\ADSM_PData_0150\_avt Status: Invisible to the Windows API!
Path: \\?\C:\ADSM_PData_0150\DB\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\ADSM_PData_0150\DB\SI.db Status: Invisible to the Windows API!
Path: C:\ADSM_PData_0150\DB\UL.db Status: Invisible to the Windows API!
Path: C:\ADSM_PData_0150\DB\VL.db Status: Invisible to the Windows API!
Path: C:\ADSM_PData_0150\DB\_avt Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Dokument Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesicherte Musik Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Video Status: Invisible to the Windows API!
Path: \\?\C:\Dokumente und Einstellungen\_DELET\Gesichertes Dokument\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Dokument\_avt Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Dokument\_lit Status: Invisible to the Windows API!
Path: \\?\C:\Dokumente und Einstellungen\_DELET\Gesicherte Musik\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\Dokumente und Einstellungen\_DELET\Gesicherte Musik\_avt Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesicherte Musik\_lit Status: Invisible to the Windows API!
Path: \\?\C:\Dokumente und Einstellungen\_DELET\Gesichertes Video\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Video\_avt Status: Invisible to the Windows API!
Path: C:\Dokumente und Einstellungen\_DELET\Gesichertes Video\_lit Status: Invisible to the Windows API!
Path: C:\Programme\ASUS\ASUS Data Security Manager\driver\x86 Status: Invisible to the Windows API!
Path: \\?\C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\* Status: Could not enumerate files with the Windows API (0x00000006)!
Path: C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys Status: Invisible to the Windows API!
Path: C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xbaebfd06
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xbaebfcfc
#: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xbaebfd0b
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xbaebfd15
#: 071 Function Name: NtEnumerateKey Status: Hooked by "sphe.sys" at address 0xba6c5ca4
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sphe.sys" at address 0xba6c6032
#: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xbaebfd1a
#: 119 Function Name: NtOpenKey Status: Hooked by "sphe.sys" at address 0xba6a70c0
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xbaebfce8
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xbaebfced
#: 160 Function Name: NtQueryKey Status: Hooked by "sphe.sys" at address 0xba6c610a
#: 177 Function Name: NtQueryValueKey Status: Hooked by "sphe.sys" at address 0xba6c5f8a
#: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xbaebfd24
#: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xbaebfd1f
#: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xbaebfd10
#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xbaebfcf7

Stealth Objects
-------------------
Object: Hidden Thread [ETHREAD: 0x850b1020, TID: 7868] Process: firefox.exe (PID: 4532) Address: 0x03b5e2cb Size: -
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8ab091f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x89ecb1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89e6a500 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8ab0b1f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x89f701f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8aa991f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89ead1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x89f581f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x898921f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_CREATE] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_CLOSE] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_READ] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_SHUTDOWN] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_CLEANUP] Process: System Address: 0x89ec31f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ瑎獆냀귘싀, IRP_MJ_PNP] Process: System Address: 0x89ec31f8 Size: 121

==EOF== |
|
|
||
20.10.2009, 20:25
Moderator
Posts: 5694 |
#11
>>
Download Registry Search by Bobbi Flekman and double-click it to start. In the field "Enter search strings", type or paste sphe into the edit field and click "Ok". Notepad will open -- copy the text and post it.
>> Sophos Antirootkit Scanner
• Go to Sophos and download their rootkit scanner. You will get an installer file, sarsfx.exe.
• Run it, accept the licence and let the program install; do not change the path C:\SOPHTEMP.
• Open this folder in Explorer and start sargui.exe, then close all other programs.
• Leave everything under Area ticked and start the scan with "Start scan". The scan takes some time; when it is finished a window pops up with a summary, click "Ok" there. Close the Sophos rootkit scanner; this scan is for analysis only.
• Start Explorer and enter "%temp%" in the address bar (without the quotation marks); there is a file sarscan.log there, please post its contents.
>> Please run RSIT and post the two logs http://virus-protect.org/artikel/tools/random.html |
|
|
||
20.10.2009, 20:35
...new here
Posts: 9 |
#12
So, this is what Registry Search by Bobbi Flekman tells me:
REGEDIT4

; RegSrch.vbs © Bill James

; Registry search results for string "sphe" 20.10.2009 20:32:56

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6}\ProgID]
@="OlePrn.AspHelp.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6}\VersionIndependentProgID]
@="OlePrn.AspHelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\00002109E60070400000000000F01FEC]
"MSPHELPIntl_1031"="MSOfficeDocumentImagingIntl_1031"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\68AB67CA7DA71301B7449A0100000010]
"Atmosphere_3D"="Reader_Big_Features"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E4D4F1B-2AEE-11D1-9D3D-00C04FC30DF6}]
@="Iasphelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp\CurVer]
@="OlePrn.AspHelp.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OlePrn.AspHelp.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\HTC\HTC Sync\Mobile Phone Monitor\DbgOut\ECSPHEXT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\064DC8258C400D8666E5F138C8732AFB]
"12F610CC0793ED118B87000565084666"="C:\\Programme\\Google\\Google Earth\\shaders\\atmosphere_common.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12EA8F814DB70AB41B898B561C3AAAB1]
"00002109E60070400000000000F01FEC"="C:\\Programme\\Microsoft Office\\Office12\\1031\\MSPHELP.CHM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33D1215A636390BE311CF4975ED6128B]
"163D42EF8E3AED11883F000565084666"="C:\\Programme\\Google\\Google Earth\\plugin\\shaders\\atmosphere_common.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51AE916FE0731F148BB211C570801A7C]
"F238E42F4B447CA4AA88E89FB47967CB"="C:\\Programme\\HTC\\HTC Sync\\Mobile Phone Monitor\\ecsphext.dll"
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere]
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0]
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] [HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere] [HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo] [HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0] [HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo] [HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] [HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere] [HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo] [HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0] [HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo] [HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] [HKEY_USERS\S-1-5-21-2455313365-41544371-727635962-1183\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere] [HKEY_USERS\S-1-5-21-2455313365-41544371-727635962-1183\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo] [HKEY_USERS\S-1-5-21-2455313365-41544371-727635962-1183\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0] [HKEY_USERS\S-1-5-21-2455313365-41544371-727635962-1183\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo] [HKEY_USERS\S-1-5-21-2455313365-41544371-727635962-1183\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] [HKEY_USERS\S-1-5-21-3325933522-2071879195-4179878093-1012\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere] [HKEY_USERS\S-1-5-21-3325933522-2071879195-4179878093-1012\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo] 
[HKEY_USERS\S-1-5-21-3325933522-2071879195-4179878093-1012\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0] [HKEY_USERS\S-1-5-21-3325933522-2071879195-4179878093-1012\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo] [HKEY_USERS\S-1-5-21-3325933522-2071879195-4179878093-1012\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] [HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere] [HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo] [HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0] [HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo] [HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0] |
|
|
||
21.10.2009, 08:14
...new here
Posts: 9 |
#13
And this is the report Sophos gives me:
What else can I do?
Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 20.10.2009 at 20:43:49
User "xxx" on computer "xxx-NB2"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ADSM_PData_0150\DragWait.exe
Hidden: file C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt
Hidden: file C:\ADSM_PData_0150\_avt
Hidden: file C:\ADSM_PData_0150\DB\SI.db
Hidden: file C:\ADSM_PData_0150\DB\VL.db
Hidden: file C:\ADSM_PData_0150\DB\UL.db
Hidden: file C:\ADSM_PData_0150\DB\_avt
Hidden: file C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys
Hidden: file C:\Dokumente und Einstellungen\xxx\Desktop\Neheim_Annastraße aktualisiert.pr4
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesichertes Dokument\_avt
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesicherte Musik\_avt
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesichertes Video\_avt
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesichertes Dokument\_lit
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesicherte Musik\_lit
Hidden: file C:\Dokumente und Einstellungen\xxx\Gesichertes Video\_lit
Hidden: file C:\Programme\Microsoft Office\Office12\NLSMODELS0009.dll
Hidden: file C:\WINDOWS\system32\spool\drivers\w32x86\3\KMRC448L.DLL
Hidden: file C:\WINDOWS\system32\spool\drivers\w32x86\3\KMRC44C2.DLL
Hidden: file C:\WINDOWS\SoftwareDistribution\Download\d53a19238e3664857cfe3ba9425b011d\SP2GDR\dxtmsft.dll
Hidden: file C:\WINDOWS\CSC\d3\80000152
Hidden: file C:\WINDOWS\system32\drivers\sptd.sys
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\_EIB\Hager\Alt\CD_Applikation_Produkte\tebisEIB\Marketing\virthaus.exe
Info: Starting disk scan of F: (FAT).
Stopped logging on 20.10.2009 at 21:49:03 |
|
|
||
21.10.2009, 09:25
Honorary member
Posts: 6028 |
||
|
||
21.10.2009, 14:11
Moderator
Posts: 5694 |
#15
Also answer Argus's question about this:
Known???:
Quote
D:\_EIB\Hager\Alt\CD_Applikation_Produkte\tebisEIB\Marketing\virthaus.exe
>> Post a current Avira log with the following settings:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/112535-avira-antivir-anleitung-zur-einrichtung.html#post687405
Regards,
Swiss |
|
|
||
I found the trojan TR/Vundo.gen with AntiVir, but deleting it unfortunately didn't help. I also tried HijackThis, but after the restart all the files were back. Now I don't know what to do. It's my parents' PC and only a few months old.
I hope you can help me. Thanks!
Tinwian
Logfile of HijackThis v1.99.1
Scan saved at 19:43:19, on 29.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
F:\Programme\Sygate\SPF\smc.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
F:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\Programme\Java\jre1.5.0_09\bin\jusched.exe
F:\Programme\Adobe\apdproxy.exe
E:\WINDOWS\system32\ctfmon.exe
F:\Programme\Adobe\PhotoshopElementsFileAgent.exe
F:\Programme\Microsoft Office\Office\FINDFAST.EXE
F:\Programme\Microsoft Office\Office\OSA.EXE
F:\Programme\AntiVir PersonalEdition Classic\sched.exe
F:\Programme\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\OpenOffice.org 2.0\program\soffice.exe
E:\Programme\OpenOffice.org 2.0\program\soffice.BIN
F:\Programme\Mozilla Firefox\firefox.exe
F:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
E:\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {C505F4FA-0AFD-4E83-B73E-5084E813154A} - E:\WINDOWS\system32\ddccayw.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "F:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programme\Adobe\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = F:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = F:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: ddccayw - E:\WINDOWS\SYSTEM32\ddccayw.dll
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxtx32 - E:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Programme\Adobe\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - F:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programme\Sygate\SPF\smc.exe
"Keßler" - 07-01-29 19:44:49 Service Pack 2
ComboFix 07-01-25 - Running from: "F:\Programme\Mozilla Firefox"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
E:\WINDOWS\system32\unsvchosts.lzma
E:\Programme\Gemeinsame Dateien\{2055E~1
E:\Programme\Gemeinsame Dateien\{3055E~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 19:42 <DIR> d-------- E:\Hijackthis
2007-01-29 19:11 <DIR> d-------- E:\backups
2007-01-21 18:07 <DIR> d-------- E:\Programme\The Panorama Factory
2007-01-21 11:32 22,029 ---hs---- E:\WINDOWS\system32\ddccayw.dll
2007-01-21 11:32 18,432 --a------ E:\WINDOWS\system32\winxtx32.dll
2007-01-20 20:55 <DIR> d-------- E:\Programme\Avanquest update
2007-01-20 20:54 25,600 --a------ E:\WINDOWS\system32\drivers\usbser.sys
2007-01-20 20:54 24,192 --a------ E:\DOKUME~1\KELER~1\usbsermptxp.sys
2007-01-20 20:54 22,768 --a------ E:\WINDOWS\system32\drivers\usbsermpt.sys
2007-01-20 20:54 22,768 --a------ E:\DOKUME~1\KELER~1\usbsermpt.sys
2007-01-20 20:54 <DIR> d-------- E:\Programme\Motorola Phone Tools
2007-01-20 20:54 <DIR> d-------- E:\DOKUME~1\ALLUSE~1\Anwendungsdaten\BVRP Software
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 19:13 -------- d-------- E:\DOKUME~1\KELER~1\Anwendungsdaten\openoffice.org2
2007-01-27 14:18 -------- d-------- E:\DOKUME~1\KELER~1\Anwendungsdaten\canon
2007-01-20 20:55 -------- d--h----- E:\Programme\installshield installation information
2006-12-27 12:55 -------- d-------- E:\Programme\speedfan
2006-12-11 19:55 -------- d-------- E:\DOKUME~1\KELER~1\Anwendungsdaten\opera
2006-12-11 19:49 -------- d-------- E:\DOKUME~1\KELER~1\Anwendungsdaten\adobe
2006-12-11 19:41 -------- d-------- E:\Programme\Gemeinsame Dateien\adobe
2006-12-11 19:39 20640 --------- E:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-11 19:39 109568 --------- E:\WINDOWS\system32\pxinsi64.exe
2006-12-11 19:39 108544 --------- E:\WINDOWS\system32\pxcpyi64.exe
2006-12-11 17:53 -------- d-------- E:\Programme\hmonitor
2006-12-09 22:21 -------- d-------- E:\Programme\hugin
2006-12-09 21:02 -------- d-------- E:\Programme\albatross
2006-12-07 19:41 -------- d-------- E:\Programme\gimp-2.0
2006-12-07 06:29 2374472 --a------ E:\WINDOWS\system32\wmvcore.dll
2006-12-05 09:26 7188 --a------ E:\WINDOWS\system32\drivers\Hmonitor.sys
2006-12-03 10:22 -------- d---s---- E:\DOKUME~1\KELER~1\Anwendungsdaten\microsoft
2006-11-14 18:39 62 --ahs---- E:\DOKUME~1\KELER~1\Anwendungsdaten\desktop.ini
2006-11-08 06:06 679424 --a------ E:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SmcService"="F:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"avgnt"="\"F:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"igfxtray"="E:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="E:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="E:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"E:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Adobe Photo Downloader"="\"F:\\Programme\\Adobe\\apdproxy.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"="F:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C505F4FA-0AFD-4E83-B73E-5084E813154A}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccayw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Completion time: 07-01-29 19:46:59
Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: 2055-E2D5
Verzeichnis von E:\WINDOWS\system32
29.01.2007 19:13 21.061 FFASTLOG.TXT
26.01.2007 20:44 12.620 wpa.dbl
22.01.2007 09:13 149.992 FNTCACHE.DAT
21.01.2007 11:32 22.029 ddccayw.dll
21.01.2007 11:32 18.432 winxtx32.dll
03.01.2007 00:19 10.980.776 MRT.exe
11.12.2006 19:39 28.672 vxblock.dll
11.12.2006 19:39 405.504 px.dll
Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: 2055-E2D5
Verzeichnis von E:\DOKUME~1\KELER~1\LOKALE~1\Temp
29.01.2007 19:47 289 datFind.zip
1 Datei(en) 289 Bytes
0 Verzeichnis(se), 9.490.386.944 Bytes frei
Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: 2055-E2D5
Verzeichnis von E:\WINDOWS
29.01.2007 19:13 157 wiadebug.log
29.01.2007 19:13 1.907.341 WindowsUpdate.log
29.01.2007 19:13 50 wiaservc.log
29.01.2007 19:13 0 0.log
29.01.2007 19:13 2.048 bootstat.dat
28.01.2007 12:13 486 win.ini
25.01.2007 15:06 430.533 setupapi.log
20.01.2007 21:11 26.596 ModemLog_Motorola USB Modem.txt
11.01.2007 18:39 70.190 iis6.log
11.01.2007 18:39 95.760 ntdtcsetup.log
11.01.2007 18:39 175.052 tsoc.log
11.01.2007 18:39 1.374 imsins.log
11.01.2007 18:39 159.010 comsetup.log
11.01.2007 18:39 25.443 ocmsn.log
11.01.2007 18:39 10.709 KB929969.log
11.01.2007 18:39 227.990 ocgen.log
11.01.2007 18:39 22.364 msgsocm.log
11.01.2007 18:39 442.972 FaxSetup.log
Verzeichnis von E:\
29.01.2007 19:50 0 sys.txt
29.01.2007 19:50 296 down.txt
29.01.2007 19:50 117 tmp.txt
29.01.2007 19:49 8.458 system.txt
29.01.2007 19:49 294 systemtemp.txt
29.01.2007 19:48 95.470 system32.txt
29.01.2007 19:46 4.994 ComboFix.txt
29.01.2007 19:43 3.980 hijackthis.log
29.01.2007 19:12 1.598.029.824 pagefile.sys
28.01.2007 13:59 4.398 ffastun.ffa
28.01.2007 13:59 49.152 ffastun.ffo
28.01.2007 13:59 163.840 ffastun.ffl
28.01.2007 13:59 2.088.960 ffastun0.ffx
14.11.2006 19:38 210 boot.ini
Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: 2055-E2D5
Verzeichnis von E:\WINDOWS\temp
Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: 2055-E2D5
Verzeichnis von E:\WINDOWS\Downloaded Program Files
14.11.2006 18:51 65 desktop.ini
1 Datei(en) 65 Bytes
0 Verzeichnis(se), 9.490.374.656 Bytes frei