Schwarzes Fenster öffnet sich kurz, Roaming? |
||
---|---|---|
#0
| ||
05.03.2011, 12:06
Member
Beiträge: 56 |
||
|
||
06.03.2011, 10:16
Passwort: gast
Beiträge: 0 |
#2
Arbeite bitte folgendes ab:
http://board.protecus.de/t40182.htm Mache erst bitte ein Mbam scan, lasse alle Funde loeschen und poste den Report http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html |
|
|
||
06.03.2011, 14:30
Member
Themenstarter Beiträge: 56 |
#3
Hier der Mbam Scan, sieht schon mal gut aus.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5972 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06.03.2011 14:29:13 mbam-log-2011-03-06 (14-29-13).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 163578 Laufzeit: 4 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Downloader) -> Value: HKCU -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\marc\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully. c:\Users\marc\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\marc\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\marc\AppData\Roaming\com\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Und hier OTL: Extra.txt OTL Extras logfile created on: 06.03.2011 19:48:16 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\marc\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280,99 Gb Total Space | 199,02 Gb Free Space | 70,83% Space Free | Partition Type: NTFS Drive D: | 16,81 Gb Total Space | 2,43 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 89,69 Mb Free Space | 90,29% Space Free | Partition Type: FAT32 Drive F: | 327,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MR_MOJITO | User Name: marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{55A4978B-CC3A-E5C2-5567-95B70A1D1432}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR "{B2FDEA1B-9B78-41CE-8A80-01D99D687D09}" = HP Wireless Assistant "{C9083B9D-9092-FF22-DDCC-9776E69BE816}" = ATI Catalyst Install Manager "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00FF3F93-F2CE-BFBE-347E-C49F3A1780D9}" = CCC Help Dutch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{223B6018-B8A2-7090-7BA9-4E2002DCAB86}" = Catalyst Control Center InstallProxy "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BC0D0E6-13E7-4CCB-98ED-1D8CDF89D96B}" = HP Software Framework "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3ECBC47D-7913-8D9D-8703-DC1969CB252A}" = CCC Help Danish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{43861B2A-0548-46B7-56E3-F2AB01311C7E}" = CCC Help Greek "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EDCB0CC-305A-2D52-E9A5-E6CA59DFF2F7}" = CCC Help Turkish "{4F80ACED-DE98-ECF3-0559-098936A13994}" = Catalyst Control Center Graphics Full New "{51343725-98F7-D613-E46D-3C2198DF0162}" = Catalyst Control Center Core Implementation "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{621E909B-9AD0-8E66-336F-5B0284145719}" = CCC Help Japanese "{63CE9AEA-F3F7-C1DC-EC4E-27A0DF0B9261}" = Catalyst Control Center Graphics Previews Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software "{6B78BA3C-795D-C47D-5DD3-BEA98FF7CD6C}" = CCC Help Norwegian "{6F4B5D6B-6FA4-ACDE-F89C-BF437D2302AF}" = Catalyst Control Center Graphics Light "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E108BF-C1B2-A945-9EFC-FFA030D20E1E}" = CCC Help Russian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8354E8D3-B6FF-079F-E82F-73128A84A354}" = CCC Help Hungarian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{934B3B9F-8B5F-AA7F-770E-117C9B7B4DCA}" = CCC Help Czech "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{99CFB83D-D10A-F740-2EE5-02BB86F79BBB}" = CCC Help Chinese Standard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B90C530-7A5F-7997-6275-A66AB973148B}" = CCC Help Italian "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAC22E56-5466-8E1E-4533-81E0AC51120B}" = CCC Help Spanish "{AB4CE98A-220A-1F05-A513-6CA5C9F34A8A}" = Catalyst Control Center Graphics Previews Vista "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI "{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding "{C2483D27-D725-95FD-6EBF-8AAE23A8342C}" = CCC Help Portuguese "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C388F68C-5AA9-ECE2-6FD7-73EB09FD5130}" = CCC Help Korean "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C829AA7D-3113-0942-06D1-1A2CFA850920}" = CCC Help French "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC639DE4-356A-B032-BE59-52ED46879591}" = CCC Help Thai "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3058349-D2ED-4A3B-651B-9882B3BD7F8D}" = Catalyst Control Center Localization All "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D3E9CA09-20E8-F218-15F3-3E1CA0EEFB4D}" = PX Profile Update "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D895ACBB-697F-1C12-6E3F-3A6229D19857}" = CCC Help German "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{D9ABACA0-5C8B-6D8E-6881-65EF2F13B987}" = CCC Help Polish "{DE22695F-CB6A-B64F-8477-275C1FCF3001}" = Catalyst Control Center Graphics Full Existing "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AD9B8-1A7C-87E9-2ABE-8F852A89A369}" = CCC Help English "{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup "{EAA941D9-93E7-2C0B-0754-0806755CD5F3}" = ccc-core-static "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF0970F3-19FE-CDA9-837B-C9EA53D5DBED}" = CCC Help Finnish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}" = HP User Guides 0211 "{F580D6C2-140E-143A-1013-3C3A4FCCB3A1}" = CCC Help Chinese Traditional "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9842DD1-81B6-AF2C-72C2-F28B56A5B6DF}" = CCC Help Swedish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Applian Director2.0" = Applian Director "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BitTorrent" = BitTorrent "DivX Setup.divx.com" = DivX-Setup "EasyBits Magic Desktop" = Magic Desktop "FLV-Media Player" = FLV-Media Player 1.8 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14) "My HP Game Console" = HP Game Console "Nero8Lite_is1" = Nero 8 Lite "NIS" = Norton Internet Security "Replay Video Capture4.2" = Replay Video Capture "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "WT082124" = Blasterball 3 "WT082141" = FATE "WT082168" = Penguins! "WT082172" = Polar Bowler "WT082192" = Bejeweled 2 Deluxe "WT082200" = Chuzzle Deluxe "WT082222" = Insaniquarium Deluxe "WT082241" = Virtual Villagers - The Secret City "WT082246" = Zuma Deluxe "WT082396" = Diner Dash 2 Restaurant Rescue "WT082409" = Mahjongg Artifacts "WT082414" = Mystery P.I. - The Vegas Heist "WT082422" = Wedding Dash "WT082427" = Slingo Deluxe "WT082439" = Bus Driver "WT083492" = Agatha Christie - Death on the Nile "WT083510" = Jewel Quest Solitaire "WT083514" = Jewel Quest II "WT083521" = Dream Chronicles "WT083529" = Gem Shop [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 18.02.2011 16:15:52 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1372 Error - 18.02.2011 16:15:52 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1372 Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2402 Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2402 Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16006 Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16006 Error - 20.02.2011 08:30:32 | Computer Name = mr_mojito | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 20.02.2011 08:31:25 | Computer Name = mr_mojito | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. [ Hewlett-Packard Events ] Error - 03.10.2010 06:28:36 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 24.10.2010 11:00:52 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 07.11.2010 05:20:16 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 14.11.2010 15:12:06 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 21.11.2010 13:58:34 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Configurator bei Configurator.ConfiguratorClass.loadXML() bei Configurator.ConfiguratorClass..ctor(Boolean loadxml) bei HPSFConfigReader.ConfigHelper..ctor() bei HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) Error - 12.12.2010 06:09:31 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0 Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() [ HP Wireless Assistant Events ] Error - 02.03.2011 11:55:58 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 02.03.2011 11:55:58 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = Unable to access panel brightness tables. Error - 02.03.2011 11:55:59 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 03.03.2011 02:20:46 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 03.03.2011 10:17:13 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 04.03.2011 20:12:56 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 05.03.2011 05:12:09 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 05.03.2011 10:44:33 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 06.03.2011 08:41:15 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE Error - 06.03.2011 09:34:12 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0 Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE [ System Events ] Error - 13.12.2010 02:56:59 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error - 13.12.2010 08:05:49 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 13.12.2010 08:05:49 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > OTL logfile created on: 06.03.2011 19:48:16 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\marc\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280,99 Gb Total Space | 199,02 Gb Free Space | 70,83% Space Free | Partition Type: NTFS Drive D: | 16,81 Gb Total Space | 2,43 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 89,69 Mb Free Space | 90,29% Space Free | Partition Type: FAT32 Drive F: | 327,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MR_MOJITO | User Name: marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\marc\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe (Symantec Corporation) PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Users\marc\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS (Symantec Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/12 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.ch" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.05 01:07:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 01:07:22 | 000,000,000 | ---D | M] [2010.09.01 12:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions [2011.02.07 10:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\jh8lz2zq.default\extensions [2011.02.21 08:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.30 19:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.20 12:56:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.29 13:37:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 08:09:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.06 16:31:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.06 16:31:22 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.06 16:31:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.06 16:31:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.06 16:31:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HKCU] C:\Users\marc\AppData\Roaming\com\server.exe (Microsoft Corporation) O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe () O4 - HKCU..\Run: [Testing] C:\ProgramData\Svg64.exe (Elaborate Bytes AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1999.09.25 17:28:22 | 000,000,971 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\directx\command - "" = F:\DIRECTX\DXSETUP.EXE -- [1999.01.09 04:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dplay\command - "" = F:\DIRECTX\DPLAY61A.EXE -- [1999.06.19 01:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxdiag\command - "" = F:\GOODIES\AR40DEU.EXE -- [1999.06.29 17:17:26 | 005,994,880 | R--- | M] (InstallShield Software Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxinfo\command - "" = F:\GOODIES\DIRECTX\DXINFO.EXE -- [1997.07.15 10:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxtest\command - "" = F:\DIRECTX\DXDIAG.EXE -- [1999.01.09 04:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxtool\command - "" = F:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997.07.15 10:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\machine\command - "" = F:\GOODIES\MACHINE\MACHINE.EXE -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\zone\command - "" = F:\GOODIES\MSZONE\ZONEA600.EXE -- [1999.09.02 01:16:04 | 006,753,985 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.03.06 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Malwarebytes [2011.03.06 14:03:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.03.06 14:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.06 14:03:26 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.03.06 14:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.03.06 13:39:13 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{A492AC06-6D91-45AD-B95E-19895F3CC1A9} [2011.03.05 22:10:42 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{293BD176-8775-43C1-A059-1A195111709F} [2011.03.05 15:51:32 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.03.05 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2011.03.05 15:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2011.03.05 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2011.03.05 10:10:10 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{9894C2E4-BC81-4D1E-A14F-D412625A0C77} [2011.03.05 00:56:14 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\com [2011.03.05 00:56:13 | 001,388,544 | ---- | C] (Elaborate Bytes AG) -- C:\ProgramData\Svg64.exe [2011.03.04 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{B5532089-9716-498A-8345-DB9995B7C7A2} [2011.03.04 15:44:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.02.27 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{D087D82C-97E9-443F-9740-F427DF7CE109} [2011.02.25 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{71FD5A30-6726-4291-8EC4-8EE70886F23B} [2011.02.23 13:14:54 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.02.23 13:14:54 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.02.23 13:14:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.02.23 13:14:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.02.22 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{31F1BBBE-8B28-4CA1-9F9B-A33BDD92F1D2} [2011.02.21 08:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.02.21 08:09:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.02.21 08:09:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.02.21 08:09:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.02.16 15:42:44 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{8144DC00-4603-4571-B71A-EF8A468C8DD8} [2011.02.12 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{3F203FE6-80C5-4CC8-B8F8-42F6B08F5979} [2011.02.12 08:18:15 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{20E3AFB5-8CC7-4A31-AE93-C1FB5DC8E2BA} [2011.02.11 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{29B2E0C2-B1CD-4A91-98B7-BDB28D776031} [2011.02.09 19:58:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.09 19:58:06 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.09 19:58:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.09 19:58:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.09 19:58:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.09 19:58:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.09 19:58:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.09 19:58:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.09 19:58:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.09 19:58:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.09 19:58:04 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.09 19:58:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.09 19:57:55 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.09 19:57:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.09 19:57:52 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.09 19:57:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.09 19:57:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.09 19:57:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.09 19:57:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.09 19:57:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.09 19:57:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.09 19:57:47 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.09 19:57:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.09 19:57:45 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.09 19:57:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.09 19:57:45 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.09 19:57:43 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.09 19:57:43 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.09 19:57:42 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.09 19:57:42 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.09 19:57:41 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.09 19:57:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.09 19:57:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.09 19:57:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.03.06 19:42:54 | 000,024,183 | -H-- | M] () -- C:\Users\marc\AppData\Roaming\logs.dat [2011.03.06 19:07:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.06 19:07:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.06 19:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.06 18:59:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2011.03.06 14:31:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormarc.job [2011.03.06 13:38:08 | 000,427,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.03.05 15:26:42 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.03.05 00:56:13 | 001,388,544 | ---- | M] (Elaborate Bytes AG) -- C:\ProgramData\Svg64.exe [2011.03.04 17:04:25 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.04 17:04:25 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.04 17:04:25 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.04 17:04:25 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.04 17:04:25 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.03 18:52:58 | 000,000,877 | ---- | M] () -- C:\Users\marc\.recently-used.xbel [2011.02.07 09:47:55 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.03.05 15:26:42 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.04 15:46:11 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2011.03.03 18:52:58 | 000,000,877 | ---- | C] () -- C:\Users\marc\.recently-used.xbel [2011.02.07 09:47:55 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.01.29 18:28:13 | 000,017,408 | ---- | C] () -- C:\Users\marc\AppData\Local\WebpageIcons.db [2011.01.20 14:07:36 | 000,004,096 | -H-- | C] () -- C:\Users\marc\AppData\Local\keyfile3.drm [2010.12.26 11:00:11 | 000,011,264 | ---- | C] () -- C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.26 02:41:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.11 12:28:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.09.01 12:33:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.10 21:49:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.07.10 21:47:03 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.07.10 21:38:31 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010.07.10 21:38:31 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010.05.16 21:05:17 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.05.16 20:06:19 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.03.03 07:08:14 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.03.03 07:08:14 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.03.03 07:08:14 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.03.03 07:08:12 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.03.03 07:08:10 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.02.23 20:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005.04.08 03:16:43 | 000,024,183 | -H-- | C] () -- C:\Users\marc\AppData\Roaming\logs.dat [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [color=#E56717]========== LOP Check ==========[/color] [2011.01.17 11:19:44 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\BitTorrent [2011.03.06 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\com [2010.09.01 12:33:31 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.03 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\gtk-2.0 [2010.12.26 10:59:18 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Video DVD Maker FREE [2011.01.30 11:01:06 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Xilisoft [2011.02.16 23:32:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > Den Rootkit-Scan mit gmer hab ich jetzt nur bei Service, Registry und Files gemacht. Reicht das? Hier: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-06 20:23:33 Windows 6.1.7600 Running: k3lfhrts.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c305bf Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955ed82f Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c305bf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955ed82f (not active ControlSet) ---- EOF - GMER 1.0.15 ---- Dieser Beitrag wurde am 06.03.2011 um 20:24 Uhr von eric_oiseau editiert.
|
|
|
||
12.03.2011, 09:07
Member
Themenstarter Beiträge: 56 |
#4
Hallo? Kann mir jemand weiterhelfen?
|
|
|
||
12.03.2011, 11:32
Moderator
Beiträge: 7805 |
#5
Zur Info:
Folgende Dateien sind von Malware gesammelte und bereits verschickte Passworte und aehnliches. c:\Users\marc\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully. c:\Users\marc\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\marc\AppData\Local\Temp\XxX.xXx (Malware.Trace) ->nstallie Also ist es schon mal extrem wichtig, alle Passworte von einem sauberen Rechner aus zu aendern.. Aus welcher Quelle hast du Elaborate Bytes AG (clonecd/Clonedvd?) SChau bitte, was sich in dem Ordner C:\Users\marc\AppData\Roaming\com noch alles befindet... Es ist sicherer den REchner komplett neu aufzusetzen... __________ MfG Ralf SEO-Spam Hunter |
|
|
||
12.03.2011, 12:56
Member
Themenstarter Beiträge: 56 |
#6
Danke raman.
Was heisst alle Passworte? Also auf meinem Rechner benutze ich nicht viele Passworte, nur für Portale wie hier z.B. Welche Passworte meinst du? Email z.B.? Elaborate Bytes AG Clone CD habe ich glaube ich über chip.de oder über irgendeine Englische Seite, die aber einen seriösen Eindruck machte und vom CloneCd direkt schien. Den Rechner komplett neu aufsetzen? Habe ich noch nie gemacht und weiss ich auch net wies geht... Das heisst alles formatieren? In dem genannten Ordner befindet sich nur eine Anwendung "server", löschen? danke nochmals. |
|
|
||
12.03.2011, 13:24
Moderator
Beiträge: 7805 |
#7
Ja, mit Passworte meine ich alle, sowie alles was mit Onlinebanking, Foren usw... zu tun hat.
Du kannst dich gerne einmal hier durchlesen: http://www.trojaner-board.de/51262-anleitung-neuaufsetzen-des-systems-absicherung.html http://forum.avira.com/wbb/index.php?page=Thread&threadID=6123 __________ MfG Ralf SEO-Spam Hunter |
|
|
||
13.03.2011, 12:36
Member
Themenstarter Beiträge: 56 |
#8
Danke.
Soll ich die Anwendung "server" im Ordner C:\Users\marc\AppData\Roaming\com löschen? |
|
|
||
18.03.2011, 17:43
Member
Themenstarter Beiträge: 56 |
#9
Hallo? Ja oder nein?
Edit: Ist das gut oder schlecht: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Downloadgröße: 73.6 MB - 892.6 MB Sie müssen ggf. den Computer neu starten, damit die Änderungen wirksam werden. Updatetyp: Wichtig Windows 7 Service Pack 1 ist eine empfohlene Sammlung von Updates und Verbesserungen für Windows, die zu einem einzigen, installierbaren Update zusammengefasst wurden. Mit dem Service Pack können Sicherheit und Zuverlässigkeit Ihres Computers verbessert werden. Eine normale Installation nimmt etwa 30Minuten in Anspruch, und Sie müssen den Computer neu starten, nachdem etwa die Hälfte des Installationsverfahrens abgeschlossen ist. Weitere Informationen: http://go.microsoft.com/fwlink/?LinkId=206783 Hilfe und Support: http://go.microsoft.com/fwlink/?LinkId=206784 Dieser Beitrag wurde am 18.03.2011 um 18:59 Uhr von eric_oiseau editiert.
|
|
|
||
19.03.2011, 09:02
Moderator
Beiträge: 7805 |
#10
Zitat Soll ich die Anwendung "server" im Ordner C:\Users\marc\AppData\Roaming\com löschen?Nein, du solltest das System neu aufsetzen! Siehe obige Links von mir. .....und ja, nach dem neu aufsetzen sind alle Updates fuer Windows 7 incl. das SP1 zu installieren. __________ MfG Ralf SEO-Spam Hunter |
|
|
||
19.03.2011, 10:50
Member
Themenstarter Beiträge: 56 |
#11
Falls ich ihn nicht neu aufsetze, was wären die Konsequenzen oder Gefahren?
|
|
|
||
19.03.2011, 11:06
Moderator
Beiträge: 7805 |
#12
Das Problem dabei ist, das wir nicht wissen, was der Banker und Bifrose RAT alles sonst noch auf deinem Rechner veraendert und installiert hat.
Den Ordner C:\Users\marc\AppData\Roaming\com solltest du ganz loeschen und div. Scans mit Mbam, Antivir KAV AVP Tool http://board.protecus.de/t37785.htm Drweb Cureit http://board.protecus.de/t29350.htm esets Onlinescanner http://www.eset.de/onlinescanner und Emsis Eek http://www.emsisoft.de/de/software/eek/ __________ MfG Ralf SEO-Spam Hunter |
|
|
||
15.08.2011, 13:50
Member
Beiträge: 15 |
#13
Ich rate dir dringenst dazu das System neu aufzusetzen sonst wirst du immer weiter ausspioniert etc... und wer weiss was die person mit deinen passwörtern und accounts anstellen will. Windows neu aufzusetzen ist eigentlich garnicht so schwer du befolgst einfach die schritte und kannst so eig. nix falsch machen.
|
|
|
||
15.08.2011, 14:50
Moderator
Beiträge: 7805 |
#14
Wenn der User das nach 5 Monaten nicht gemacht hat, wird er es nun bestimmt nicht mehr machen....
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
15.08.2011, 15:50
Member
Beiträge: 15 |
#15
ist ja nicht nur für ihn den tipp sondern auch für leute die das selbe problem haben und auf den thread stoßen
|
|
|
||
Vielen Dank für die Hilfe und liebe Grüsse,