Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Westernunion Startseite löschen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.12.2011, 13:01   #1
kallisto
 
Westernunion Startseite löschen - Beitrag

Westernunion Startseite löschen



Servus,

ich habe mir bereits einige Dinge dazu durchgelesen und würde gern die Westernunion-Startseite gern wieder los werden. Nutze den Rechner nicht beruflich, mache keine Überweisungen etc., deshalb würde ich ungern formatieren.

Habe mir den OTL runtergeladen wie hier beschrieben und poste hier nun meine individuellen Logfiles:

Code:
ATTFilter
OTL logfile created on: 12/23/2011 11:51:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.23% Memory free
5.93 Gb Paging File | 4.65 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 351.51 Gb Total Space | 180.32 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 99.15 Gb Total Space | 13.79 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
 
Computer Name: M-KALLISTO-W7 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\DAEMON Tools Pro\cryptapi.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\DAEMON Tools Pro\Plugins\Images\bw5mount.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (vatpzhww) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (vsmon) -- C:\windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (rtl819xp) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-) -- C:\Windows\System32\drivers\rtl819xp.sys (Realtek Semiconductor Corporation                           )
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/02/08 08:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/02/17 19:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Martin\AppData\Roaming\5015 [2011/04/09 14:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 23:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/20 17:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/12 11:16:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/12/20 17:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Martin\AppData\Roaming\5015 [2011/04/09 14:04:27 | 000,000,000 | ---D | M]
 
[2009/12/19 01:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2009/12/19 01:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/20 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\kowu53au.default\extensions
[2011/07/29 23:47:44 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\kowu53au.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/02 23:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KOWU53AU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KOWU53AU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011/03/20 01:40:44 | 000,000,940 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O1 - Hosts: 218.10.17.178 2b.yigeyuming.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB3CEB7-7AC2-4218-97AE-D118E2FD92F9}: DhcpNameServer = 195.50.140.248 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5F71BB9-19E0-4F8B-9B81-F9E48FB3BE86}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05fe9f92-ed02-11de-9114-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{05fe9f92-ed02-11de-9114-00245416ef1e}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{58e86f73-2ffc-11df-b364-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{58e86f73-2ffc-11df-b364-001e101f2b52}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5beb6ce5-41aa-11e0-9ebb-f24067824f0d}\Shell - "" = AutoRun
O33 - MountPoints2\{5beb6ce5-41aa-11e0-9ebb-f24067824f0d}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{730ebcc9-f7e1-11df-908c-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{730ebcc9-f7e1-11df-908c-00245416ef1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{73a09aa6-29d8-11df-aedc-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{73a09aa6-29d8-11df-aedc-00245416ef1e}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{73a09aa6-29d8-11df-aedc-00245416ef1e}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{73a09aa6-29d8-11df-aedc-00245416ef1e}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{87a45b2a-5877-11df-9502-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{87a45b2a-5877-11df-9502-00245416ef1e}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{aabbfa8b-04c3-11df-8ff1-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{aabbfa8b-04c3-11df-8ff1-00245416ef1e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aabbfa9b-04c3-11df-8ff1-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{aabbfa9b-04c3-11df-8ff1-00245416ef1e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aabbfaed-04c3-11df-8ff1-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{aabbfaed-04c3-11df-8ff1-001e101f859f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bedcdd92-02b2-11df-90e0-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{bedcdd92-02b2-11df-90e0-00245416ef1e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bedcdda2-02b2-11df-90e0-00245416ef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{bedcdda2-02b2-11df-90e0-00245416ef1e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c557cf40-36a6-11e0-a88b-9f394dde7519}\Shell - "" = AutoRun
O33 - MountPoints2\{c557cf40-36a6-11e0-a88b-9f394dde7519}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{e51d67cc-6297-11e0-8eb2-d5216a6cb11c}\Shell - "" = AutoRun
O33 - MountPoints2\{e51d67cc-6297-11e0-8eb2-d5216a6cb11c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/23 11:49:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011/12/22 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2011/12/22 10:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/22 10:45:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2011/12/22 10:45:01 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/12/22 10:45:01 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/12/22 10:45:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2011/12/22 10:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/22 10:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/12/22 09:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/22 09:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/12/20 17:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/12/20 17:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/12/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/20 17:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/12/20 17:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/11/28 00:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\Martin\AppData\Roaming\*.tmp files -> C:\Users\Martin\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/23 11:49:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011/12/23 11:39:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 11:35:22 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 11:35:22 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 11:30:51 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 11:28:26 | 000,000,202 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2011/12/23 11:28:02 | 000,000,318 | -HS- | M] () -- C:\windows\tasks\gzhmnb.job
[2011/12/23 11:28:02 | 000,000,300 | -HS- | M] () -- C:\windows\tasks\faiqpbab.job
[2011/12/23 11:27:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/23 11:27:47 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 18:23:00 | 000,714,814 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/12/20 18:23:00 | 000,665,570 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/20 18:23:00 | 000,155,694 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/12/20 18:23:00 | 000,125,960 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/20 17:41:33 | 000,614,400 | ---- | M] () -- C:\windows\AutoKMS.exe
[2011/12/20 17:41:33 | 000,000,135 | ---- | M] () -- C:\windows\AutoKMS.ini
[2011/12/20 17:38:27 | 003,787,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/12/15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/12/15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[1 C:\Users\Martin\AppData\Roaming\*.tmp files -> C:\Users\Martin\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/20 17:41:33 | 000,614,400 | ---- | C] () -- C:\windows\AutoKMS.exe
[2011/12/20 17:41:33 | 000,000,202 | ---- | C] () -- C:\windows\tasks\AutoKMS.job
[2011/12/20 17:41:33 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
[2011/12/02 23:18:52 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/21 20:11:08 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\vg204d58on9ct1gp.dat
[2011/03/20 00:43:52 | 000,000,216 | --S- | C] () -- C:\windows\System32\1227841333.dat
[2011/03/09 12:31:09 | 000,146,344 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/01/22 21:03:16 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/12/15 17:48:34 | 000,000,113 | ---- | C] () -- C:\windows\(null)toolkit.ini
[2010/09/24 03:03:12 | 000,000,017 | ---- | C] () -- C:\Users\Martin\AppData\Local\resmon.resmoncfg
[2010/03/15 08:48:49 | 000,000,544 | ---- | C] () -- C:\windows\eReg.dat
[2010/02/21 16:03:08 | 000,000,062 | ---- | C] () -- C:\windows\wininit.ini
[2010/02/21 15:57:53 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/02/02 11:29:37 | 000,008,192 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 16:29:36 | 000,000,047 | ---- | C] () -- C:\windows\nfsc_patch.ini
[2009/12/30 12:21:18 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/12/20 12:13:11 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat
[2009/12/20 02:45:10 | 000,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2009/12/20 02:45:10 | 000,022,328 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\PnkBstrK.sys
[2009/12/20 02:44:51 | 000,103,736 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2009/12/20 02:44:48 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2009/12/20 02:44:46 | 000,669,184 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2009/12/20 01:40:11 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/12/20 01:40:11 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2009/12/20 01:40:10 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/12/20 01:40:10 | 000,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/12/20 01:40:10 | 000,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/12/20 01:40:09 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/12/18 16:13:16 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/12/18 15:57:05 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/17 15:19:57 | 000,714,814 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/17 15:19:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/17 15:19:57 | 000,155,694 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/17 15:19:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/09/17 15:02:34 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/09/17 15:02:34 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/17 15:02:34 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/09/17 14:41:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/09/16 23:27:24 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/09/16 22:57:47 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 003,787,800 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,665,570 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,125,960 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:19:28 | 000,006,672 | ---- | C] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1s.dat
[2009/07/14 00:19:28 | 000,005,648 | ---- | C] () -- C:\windows\System32\adsldpy.dat
[2009/07/14 00:11:12 | 001,659,648 | ---- | C] () -- C:\windows\System32\qjuypxzd.dat
[2009/07/14 00:11:12 | 000,633,600 | ---- | C] () -- C:\windows\System32\ivnlinuq.dat
[2009/07/14 00:11:12 | 000,152,320 | ---- | C] () -- C:\windows\System32\xfmnnvbd.dat
[2009/07/14 00:11:12 | 000,151,296 | ---- | C] () -- C:\windows\System32\uvqqbyxj.dat
[2009/07/14 00:11:12 | 000,050,432 | ---- | C] () -- C:\windows\System32\cheonmjg.dat
[2009/07/14 00:11:12 | 000,039,680 | ---- | C] () -- C:\windows\System32\znrcygnq.dat
[2009/07/14 00:11:12 | 000,034,560 | ---- | C] () -- C:\windows\System32\hevhcplm.dat
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
Hier das EXTRA-log:

Code:
ATTFilter
OTL Extras logfile created on: 12/23/2011 11:51:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.23% Memory free
5.93 Gb Paging File | 4.65 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 351.51 Gb Total Space | 180.32 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 99.15 Gb Total Space | 13.79 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
 
Computer Name: M-KALLISTO-W7 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9781A96F-71AC-4738-984B-5AB597DFE678}" = WER WIRD MILLIONÄR VIERTE EDITION
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"7-Zip" = 7-Zip 9.20
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crash Time III_is1" = Crash Time III
"DivX Setup.divx.com" = DivX-Setup
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RACE_is1" = RACE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/8/2011 7:00:55 PM | Computer Name = M-Kallisto-W7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 12/8/2011 7:01:10 PM | Computer Name = M-Kallisto-W7 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12/8/2011 7:01:16 PM | Computer Name = M-Kallisto-W7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 12/8/2011 7:01:21 PM | Computer Name = M-Kallisto-W7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 12/9/2011 8:53:02 PM | Computer Name = M-Kallisto-W7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 12/9/2011 8:53:03 PM | Computer Name = M-Kallisto-W7 | Source = Avira AntiVir | ID = 4110
Description = 
 
Error - 12/9/2011 8:53:03 PM | Computer Name = M-Kallisto-W7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 12/9/2011 8:53:05 PM | Computer Name = M-Kallisto-W7 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12/9/2011 8:53:11 PM | Computer Name = M-Kallisto-W7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 12/9/2011 8:53:16 PM | Computer Name = M-Kallisto-W7 | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ System Events ]
Error - 12/22/2011 5:25:57 PM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Bluetooth Radio USB Support" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 12/22/2011 5:26:03 PM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 12/22/2011 5:26:03 PM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 12/22/2011 5:26:10 PM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 12/22/2011 5:26:16 PM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7034
Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies 
ist bereits 3 Mal passiert.
 
Error - 12/23/2011 6:28:04 AM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Bluetooth Radio USB Support" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 12/23/2011 6:28:15 AM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 12/23/2011 6:28:15 AM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 12/23/2011 6:28:22 AM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 12/23/2011 6:28:27 AM | Computer Name = M-Kallisto-W7 | Source = Service Control Manager | ID = 7034
Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies 
ist bereits 3 Mal passiert.
 
 
< End of report >
         
Wie geht es jetzt weiter, welche Passage müsste ich in das OTL kopieren?

Danke für eure Hilfe!

Alt 23.12.2011, 13:50   #2
kallisto
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



http://www.trojaner-board.de/106789-...-loeschen.html

auf diesen Thread beziehe ich mich, konnte dort aber keine Antwort posten.
Wäre jetzt dann bei Schritt 3 sozusagen...
__________________


Alt 23.12.2011, 16:51   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



Erstmal bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
__________________

Alt 24.12.2011, 15:58   #4
kallisto
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



Alles klar, hab ich gemacht.

Hier die beiden LOG-Dateien.

Malwarebytes' Anti-Malware:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.12.2011 01:37:39
mbam-log-2011-12-24 (01-37-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 406834
Laufzeit: 2 Stunde(n), 54 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\2SPI9KEA4C (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\0.7169280906571907.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
         
Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f884228046fe0f46b50a6f8131bf8a98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-24 02:54:25
# local_time=2011-12-24 03:54:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1024 16777215 100 0 55694788 55694788 0 0
# compatibility_mode=1792 16777215 100 0 180002 180002 0 0
# compatibility_mode=5893 16776574 100 94 24786089 76354693 0 0
# compatibility_mode=8192 67108863 100 0 3815 3815 0 0
# compatibility_mode=9217 16777214 75 66 8088684 47000732 0 0
# scanned=244348
# found=4
# cleaned=0
# scan_time=14963
C:\Program Files\DAEMON Tools Pro\dtprohlp.dll	Win32/Adware.WhenU.SaveNow application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Martin\Desktop\Programme\misc\My Downloads\Adobe Premiere Pro 7.0 (With Key).ISO	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Martin\Downloads\Nero_6.6.0.16_inkl.med.rar	a variant of Win32/Keygen.AW application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\AutoKMS.exe	Win32/HackKMS application (unable to clean)	00000000000000000000000000000000	I
         

Und nun?

Alt 24.12.2011, 16:28   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



Zitat:
C:\Users\Martin\Downloads\Nero_6.6.0.16_inkl.med.rar a variant of Win32/Keygen.

Und nun?
Und nun darfst du eine Neuinstallation machen

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.12.2011, 16:41   #6
kallisto
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



Diese Datei ist schon sehr alt und deutlich länger auf der Festplatte, als ich diesen Trojaner habe.
Eine Neuinstallation würde viel zu viel Zeit in Anspruch nehmen, ich habe auch kein Problem damit, besagte Keygens etc. zu löschen, aber kannst du mir nicht trotzdem bitte helfen?
Ich hab gestern und heut schon viel Zeit damit aufgebracht, das ganze Zeug da untersuchen zu lassen

Alt 24.12.2011, 17:01   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Westernunion Startseite löschen - Standard

Westernunion Startseite löschen



Sry aber bei Cracks/Keygens gibts nur noch Hilfe bei der Neuinstallation von Windows
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Westernunion Startseite löschen
7-zip, ad-aware, alternate, antivir, autorun, avira, bho, bonjour, branding, document, error, firefox, flash player, google chrome, google earth, helper, home, install.exe, installation, microsoft office 2003, microsoft office word, mozilla, mozilla thunderbird, object, office 2007, plug-in, realtek, registry, scan, sched.exe, security, senden, software, stick, taskhost.exe, teamspeak, updates, version=1.0, vodafone, webcheck, windows




Ähnliche Themen: Westernunion Startseite löschen


  1. Awesomehp als Startseite löschen
    Log-Analyse und Auswertung - 26.02.2014 (16)
  2. Startseite Awesomehp lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 04.02.2014 (7)
  3. Startseite ist nicht mehr Startseite
    Log-Analyse und Auswertung - 17.10.2013 (5)
  4. Firefox startet immer mit Westernunion Startseite
    Log-Analyse und Auswertung - 24.09.2013 (10)
  5. portaldosites als Startseite im IE und FireFox lässt sich nicht löschen!
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (20)
  6. Ratlos! Westernunion lässt sich nicht als Startseite entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (1)
  7. Westernunion als Startrseite entfernen
    Mülltonne - 23.12.2011 (1)
  8. Searchqu Startseite im Mozilla lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.12.2011 (18)
  9. WesternUnion als Startbildschirm. Lässt sich nicht entfernen. Virus?
    Log-Analyse und Auswertung - 06.11.2011 (15)
  10. WesternUnion seid gestern als Startseite
    Plagegeister aller Art und deren Bekämpfung - 04.11.2011 (11)
  11. fire fox startseite westernunion.de
    Log-Analyse und Auswertung - 31.10.2011 (2)
  12. Startseite kommt immer Westernunion
    Log-Analyse und Auswertung - 22.10.2011 (5)
  13. w*w.westernunion(dot)com als unerwünschte startseite in ie9
    Log-Analyse und Auswertung - 21.10.2011 (7)
  14. Westernunion die dritte...
    Plagegeister aller Art und deren Bekämpfung - 20.10.2011 (16)
  15. Kein Virenprogramm kann trojanisches Pferd löschen! Wie soll ich es löschen?
    Mülltonne - 19.03.2008 (1)
  16. Startseite Search for... AdAware laufen lassen --> logs; nicht zu löschen?
    Log-Analyse und Auswertung - 06.02.2005 (11)
  17. Startseite: "searchfor" lässt sich nicht löschen. Außerdem lässtige Nachrichtena
    Log-Analyse und Auswertung - 10.01.2005 (7)

Zum Thema Westernunion Startseite löschen - Servus, ich habe mir bereits einige Dinge dazu durchgelesen und würde gern die Westernunion-Startseite gern wieder los werden. Nutze den Rechner nicht beruflich, mache keine Überweisungen etc., deshalb würde ich - Westernunion Startseite löschen...
Archiv
Du betrachtest: Westernunion Startseite löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.