I've been infected by something...



Barrachiel
2008-12-07, 14:25
hello,
I surfed through the internet to solve my problem, and it really seems that nothing and nobody can help me. My Windows Vista is almost fucked up, I've got no internet connection, and even my Avast can't handle the thing I've got on my laptop... :oops:

So, you guys are my last hope to solve my problem...

Beforehand, I read some other threads here and downloaded several programs to my desktop (Spybot, ATF-Cleaner, ComboFix, HiJackThis, etc.), but I haven't used them yet (except HiJackThis and ComboFix, for the logs).

So, here is what HiJackThis says:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:53:58, on 07.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Admin\Desktop\HiJackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\Windows\TEMP\E_S31D9.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\tuVNHywV.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\vtUmJDuV.dll,c

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe



--

End of file - 11587 bytes


Here is what ComboFix says:
ComboFix 08-12-06.06 - Admin 2008-12-07 12:59:44.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2154 [GMT 1:00]

ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe

* Neuer Wiederherstellungspunkt wurde erstellt

.



(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

c:\users\Admin\AppData\Roaming\.#



.

((((((((((((((((((((((( Dateien erstellt von 2008-11-07 bis 2008-12-07 ))))))))))))))))))))))))))))))

.



2008-12-07 13:04 . 2008-12-07 13:05 353,074,267 --a------ c:\windows\MEMORY.DMP

2008-12-07 08:42 . 2008-06-30 16:30 188,547 --a------ C:\wubildr

2008-12-07 08:42 . 2008-06-30 16:30 8,192 --a------ C:\wubildr.mbr

2008-12-07 08:41 . 2008-12-07 08:41 <DIR> d-------- C:\ubuntu

2008-12-07 08:38 . 2008-12-07 08:38 <DIR> d-------- C:\ubuntu-backup

2008-12-05 00:18 . 2008-12-05 00:18 183,112 --a------ c:\windows\System32\PnkBstrB.exe

2008-12-05 00:18 . 2008-12-05 00:18 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys

2008-12-05 00:18 . 2008-12-05 00:18 66,872 --a------ c:\windows\System32\PnkBstrA.exe

2008-12-04 20:48 . 2008-12-04 20:48 <DIR> d-------- c:\users\Admin\AppData\Roaming\Leadertech

2008-12-04 19:15 . 2008-12-04 19:15 <DIR> d-------- c:\program files\EA Games

2008-11-28 15:43 . 2008-11-28 15:43 <DIR> d-------- c:\windows\Sun

2008-11-28 15:38 . 2008-11-28 15:38 <DIR> d-------- c:\users\Admin\Scilab

2008-11-28 15:20 . 2008-11-28 15:21 <DIR> d-------- c:\program files\scilab-4.1.1

2008-11-28 14:05 . 2008-12-04 11:47 <DIR> d-------- c:\program files\Java

2008-11-28 14:05 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll

2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\users\All Users\TuneUp Software

2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\users\Admin\AppData\Roaming\TuneUp Software

2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\programdata\TuneUp Software

2008-11-18 20:25 . 2008-11-18 20:25 <DIR> d-------- c:\program files\TuneUp Utilities 2009

2008-11-18 20:25 . 2008-11-18 20:25 603,904 --a------ c:\windows\System32\TUProgSt.exe

2008-11-18 20:25 . 2008-11-18 20:25 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe

2008-11-18 20:25 . 2008-11-12 16:44 27,904 --a------ c:\windows\System32\uxtuneup.dll

2008-11-18 20:25 . 2008-11-12 16:44 17,152 --a------ c:\windows\System32\authuitu.dll

2008-11-18 20:24 . 2008-11-18 20:24 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

2008-11-18 20:24 . 2008-11-18 20:24 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2008-11-18 18:07 . 2008-11-18 18:09 <DIR> d-------- c:\users\All Users\EPSON

2008-11-18 18:07 . 2008-11-18 18:09 <DIR> d-------- c:\programdata\EPSON

2008-11-18 18:07 . 2008-11-18 18:07 <DIR> d-------- c:\program files\EPSON

2008-11-18 18:07 . 2006-12-08 02:04 76,800 --a------ c:\windows\System32\E_FLBAIE.DLL

2008-11-18 18:07 . 2006-04-19 02:00 62,976 --a------ c:\windows\System32\E_FD4BAIE.DLL

2008-11-18 18:07 . 2004-09-10 20:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL

2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\users\All Users\Acronis

2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\users\Admin\AppData\Roaming\Acronis

2008-11-17 10:11 . 2008-11-17 10:11 <DIR> d-------- c:\programdata\Acronis

2008-11-17 10:08 . 2008-11-17 10:08 950,848 --a------ c:\windows\System32\drivers\tdrpm124.sys

2008-11-17 10:08 . 2008-11-17 10:08 539,104 --a------ c:\windows\System32\drivers\timntr.sys

2008-11-17 10:08 . 2008-11-17 10:08 134,272 --a------ c:\windows\System32\drivers\snman378.sys

2008-11-17 10:08 . 2008-11-17 10:08 44,704 --a------ c:\windows\System32\drivers\tifsfilt.sys

2008-11-17 10:07 . 2008-11-17 10:07 <DIR> d-------- c:\program files\Common Files\Acronis

2008-11-17 10:07 . 2008-11-17 10:07 <DIR> d-------- c:\program files\Acronis

2008-11-14 14:18 . 2008-11-14 14:18 <DIR> d-------- c:\users\Admin\AppData\Roaming\Apple Computer

2008-11-14 14:13 . 2008-11-14 14:13 <DIR> d-------- c:\program files\Safari

2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\users\All Users\Apple

2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\programdata\Apple

2008-11-14 14:12 . 2008-11-14 14:12 <DIR> d-------- c:\program files\Apple Software Update

2008-11-12 22:02 . 2008-11-12 22:07 <DIR> d-------- c:\users\Admin\Option

2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\users\All Users\Seagate

2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\programdata\Seagate

2008-11-12 21:58 . 2008-11-12 21:58 <DIR> d-------- c:\program files\Seagate

2008-11-12 10:11 . 2008-11-12 10:11 <DIR> d--h----- c:\windows\PIF

2008-11-10 12:25 . 2008-11-10 12:25 <DIR> d-------- c:\program files\Opera

2008-11-07 19:03 . 2008-11-07 19:03 <DIR> d-------- c:\users\Admin\AppData\Roaming\Aptana

2008-11-07 19:02 . 2008-11-07 19:02 <DIR> d-------- C:\Aptana

2008-11-07 00:43 . 2008-12-07 12:45 <DIR> d-------- c:\users\Admin\AppData\Roaming\skypePM

2008-11-07 00:43 . 2008-11-07 00:43 56 ---h----- c:\users\All Users\ezsidmv.dat

2008-11-07 00:43 . 2008-11-07 00:43 56 ---h----- c:\programdata\ezsidmv.dat

2008-11-07 00:40 . 2008-12-07 12:45 <DIR> d-------- c:\users\Admin\AppData\Roaming\Skype

2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\users\All Users\Skype

2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\programdata\Skype

2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\program files\Skype

2008-11-07 00:39 . 2008-11-07 00:39 <DIR> d-------- c:\program files\Common Files\Skype



.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-07 11:48 --------- d-----w c:\users\Admin\AppData\Roaming\OpenOffice.org2

2008-12-04 23:26 27,839 ----a-w c:\users\All Users\nvModes.dat

2008-12-04 23:26 27,839 ----a-w c:\programdata\nvModes.dat

2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2008-11-20 18:03 --------- d-----w c:\program files\Acer GameZone

2008-11-20 11:23 --------- d-----w c:\program files\Mozilla Thunderbird

2008-11-14 13:12 --------- d-----w c:\program files\Bonjour

2008-11-12 20:59 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-04 15:52 --------- d---a-w c:\programdata\TEMP

2008-11-04 15:43 --------- d-----w c:\programdata\JollyBear

2008-11-04 15:27 --------- d-----w c:\users\Admin\AppData\Roaming\FloodLightGames

2008-11-02 16:12 --------- d-----w c:\users\Admin\AppData\Roaming\dvdcss

2008-10-30 10:53 --------- d-----w c:\users\Admin\AppData\Roaming\FileZilla

2008-10-28 11:49 --------- d-----w c:\users\Admin\AppData\Roaming\vlc

2008-10-27 23:23 --------- d-----w c:\program files\QuickPar

2008-10-27 20:28 --------- d-----w c:\users\Admin\AppData\Roaming\Verimount

2008-10-27 20:27 --------- d-----w c:\program files\VideoLAN

2008-10-27 20:27 --------- d-----w c:\program files\Verimount

2008-10-27 17:11 --------- d-----w c:\programdata\NtiDvdCopy

2008-10-27 17:09 --------- d-----w c:\programdata\LightScribe

2008-10-17 13:13 --------- d-----w c:\users\Admin\AppData\Roaming\Subversion

2008-10-17 13:05 --------- d-----w c:\users\Admin\AppData\Roaming\ICSharpCode

2008-10-17 13:04 --------- d-----w c:\program files\SharpDevelop

2008-10-17 08:42 --------- d-----w c:\users\Admin\AppData\Roaming\Scilab

2008-10-16 13:06 --------- d-----w c:\program files\UltraISO

2008-10-16 10:05 --------- d-----w c:\program files\Common Files\Adobe

2008-10-16 10:02 --------- d-----w c:\program files\Common Files\Control Panels

2008-10-16 10:00 --------- d-----w c:\programdata\ALM

2008-10-16 09:53 --------- d-----w c:\program files\QuickTime

2008-10-16 09:39 --------- d-----w c:\program files\Common Files\Macrovision Shared

2008-10-15 07:43 --------- d-----w c:\program files\Totally Free Burner

2008-10-14 15:01 --------- d-----w c:\program files\Macromedia

2008-10-14 15:01 --------- d-----w c:\program files\Common Files\Macromedia

2008-10-14 14:07 --------- d-----w c:\users\Admin\AppData\Roaming\Acer

2008-10-14 08:25 --------- d-----w c:\programdata\CyberLink

2008-10-12 09:46 --------- d-----w c:\programdata\FLEXnet

2008-10-09 16:59 --------- d-----w c:\program files\Lavalys

2008-10-09 12:27 --------- d-----w c:\program files\Alwil Software

2008-10-09 08:36 352,840 ----a-w c:\program files\NSD.EXE

2008-10-07 18:49 --------- d-----w c:\program files\7-Zip

2008-10-06 19:26 409,600 ----a-w c:\windows\System32\wrap_oal.dll

2008-10-06 19:26 114,688 ----a-w c:\windows\System32\OpenAL32.dll

2008-09-25 19:54 21,840 ----atw c:\windows\System32\SIntfNT.dll

2008-09-25 19:54 17,212 ----atw c:\windows\System32\SIntf32.dll

2008-09-25 19:54 12,067 ----atw c:\windows\System32\SIntf16.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2008-08-04 13:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-08-04 13:02 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-08-04 13:02 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.



(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-25 07:39 121392 --------- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

"EPSON Stylus Photo R220 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-24 3642368]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]



c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [16.10.2008 10:52:38 295606]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [22.10.2006 23:01:50 734872]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [24.04.2007 17:50:32 723760]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2008-04-24 17:10 3024384 c:\program files\Acer\Acer Bio Protection\WinNotify.dll



[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

--a------ 2008-02-25 18:57 34040 c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--------- 2008-03-04 23:38 526896 c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2008-03-13 10:24 805384 c:\progra~1\LAUNCH~1\LManager.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2008-01-29 08:03 303104 c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3E4BFDCE-E39C-42D1-BAC7-197FC7865DBF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E9A6E6E6-D8AF-4037-A7B5-77B6299AAD62}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{34D57345-043F-40FA-AF98-9A250A6754C1}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{F31BCE89-8993-4828-8D15-4192EAC315BC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{E9E175FD-2D92-4F79-BC2D-A4807DD37939}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{3F96D564-BABC-47BD-A99D-78A5E29167A5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{7A036DBC-8E61-442A-A28D-EEC4A438DE80}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{7184E325-445B-4C2F-BFF9-A1A1B571D85B}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{CB42C434-9F2B-4488-9035-8100747E1084}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{C5446ADD-47AF-448D-B172-2A6FC44FF3E3}"= UDP:3703:Adobe Version Cue CS3 Server

"{65AB6F20-7575-4ADC-9439-899434DFC328}"= UDP:3704:Adobe Version Cue CS3 Server

"{83D16AF4-463B-4382-BDA0-5BEF27196470}"= UDP:50900:Adobe Version Cue CS3 Server

"{404C8D48-5C89-4056-8488-E0EFF671042B}"= UDP:50901:Adobe Version Cue CS3 Server

"{C66E2C6E-AE5F-4556-B72F-D7AA47541E21}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{7C942553-E20B-4422-8B60-C999885D10D8}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{3DACEC3B-02C2-48E1-89C9-D081171DDE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{183BEC28-97A0-4613-8B1B-C0BE832820E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D82B78B3-C3D6-422A-B740-792A1EEF9E8E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{611F8975-9789-4F15-9C7B-11E151C0C73E}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary

"UDP Query User{13D4EA69-5039-4D53-8DF3-F3E1CD86E02E}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary



R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [24.04.2008 17:10:12 43184]

R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [17.11.2008 10:08:12 134272]

R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [17.11.2008 10:08:31 950848]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.10.2008 13:27:18 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [09.10.2008 13:27:18 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [09.10.2008 13:27:02 51792]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [29.03.2008 03:47:57 24576]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [24.04.2008 17:30:17 233472]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18.11.2008 20:25:52 603904]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [15.02.2008 08:09:30 595248]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [29.03.2008 03:47:10 54784]

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [28.03.2008 20:22:22 48128]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [15.02.2008 08:09:46 40752]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [29.03.2008 03:46:09 80912]

S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [25.02.2008 18:57:22 21752]

S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25.02.2008 02:02:54 49152]

S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25.02.2008 18:53:16 131072]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ddf84fb-b0ee-11dd-ad84-00a0d1a52fe2}]

\shell\AutoRun\command - H:\Launch.exe /run



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{321e1d75-7cc3-11dd-8eed-001de0ab414f}]

\shell\AutoRun\command - E:\Autorun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a52f18b3-7b1a-11dd-bd28-001de0ab414f}]

\shell\AutoRun\command - G:\LaunchU3.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d82f23af-b890-11dd-9685-00a0d1a52fe2}]

\shell\AutoRun\command - I:\LaunchU3.exe -a

.

Inhalt des "geplante Tasks" Ordners



2008-12-07 c:\windows\Tasks\1-Klick-Wartung.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 12:03]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.at/

mStart Page = hxxp://de.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FireFox -: Profile - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pu4of9yd.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.at/

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-07 13:05:12

Windows 6.0.6001 Service Pack 1 NTFS



Scanne versteckte Prozesse...



Scanne versteckte Autostarteinträge...



Scanne versteckte Dateien...



Scan erfolgreich abgeschlossen

versteckte Dateien: 0



**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------



- - - - - - - > 'Explorer.exe'(4044)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\system32\btmmhook.dll

c:\windows\System32\SysHook.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\rundll32.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\rundll32.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\ehome\ehmsas.exe

c:\users\Admin\AppData\Local\Temp\RtkBtMnt.exe

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2008-12-07 13:08:38 - PC wurde neu gestartet [Admin]

ComboFix-quarantined-files.txt 2008-12-07 12:08:34



Vor Suchlauf: 24 Verzeichnis(se), 68.147.396.608 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 67,625,394,176 Bytes frei



314



It would be great if anyone could help me...

Thanks a lot!

Barrachiel
2008-12-07, 15:22
I did a logfile check at hijackthis.de and it says that these two files are malicious:

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\tuVNHywV.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\vtUmJDuV.dll,c

...what should I do now? Is it possible to identify the malware which infected me?
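As an added example (not code from the original thread or from any of the tools named in it), here is a small Python check that parses HijackThis O4 lines like the two quoted above and flags the traits that make them stand out: rundll32 loading a DLL from a user Temp folder, a random-looking eight-letter DLL name, and an export called by ordinal or by a single letter. The sample lines are constructed from the post plus two benign entries for contrast.

```python
import re

# Constructed sample log: the two O4 entries from the post plus two benign
# entries (one plain EXE, one legitimate rundll32 call from system32).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\tuVNHywV.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\vtUmJDuV.dll,c
"""

# "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "rundll32[.exe] <dll>,<entry point>"
RUNDLL_RE = re.compile(r'rundll32(\.exe)?\s+(?P<dll>[^,]+),(?P<entry>\S*)', re.IGNORECASE)
# Per-user and system temp directories under Vista/XP naming.
TEMP_DIR_RE = re.compile(r'\\(AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\', re.IGNORECASE)


def parse_o4(line):
    """Split one HijackThis O4 line into hive, key, entry name and command; None if not O4."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_o4(entry):
    """Return the reasons (possibly none) why this Run entry deserves a closer look."""
    reasons = []
    m = RUNDLL_RE.search(entry['cmd'])
    if not m:
        return reasons  # only rundll32 launches are assessed here
    dll = m.group('dll').strip().strip('"')
    entry_point = m.group('entry')
    if TEMP_DIR_RE.search(dll):
        reasons.append('rundll32 loads a DLL from a temp directory')
    base = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    # Eight letters in mixed case with no recognisable word is a common random-name pattern.
    if re.fullmatch(r'[A-Za-z]{8}', base) and base != base.lower() and base != base.upper():
        reasons.append('DLL name looks randomly generated')
    if entry_point.startswith('#') or re.fullmatch(r'[A-Za-z]', entry_point):
        reasons.append('export is called by ordinal or single letter rather than a descriptive name')
    return reasons


def scan_log(text):
    """Run every O4 line through assess_o4 and collect the flagged entries."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess_o4(entry)
        if reasons:
            findings.append({'name': entry['name'], 'cmd': entry['cmd'], 'reasons': reasons})
    return findings
```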