Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Crypt.ZPACK.Gen2 (https://www.trojaner-board.de/99176-tr-crypt-zpack-gen2.html)

Laylow 16.05.2011 21:02
TR/Crypt.ZPACK.Gen2
 
Schönen guten Abend,

ich bin wirklich ganz neu hier und bin mir nicht sicher, ob ich trotz lesens der Checkliste alles richtig gemacht habe....

Aber ich versuchs mal:

Mein Problem ist folgendes:

ich benutze Opera (oder auch firefox).

beim Surfen kamen auf einmal folgende 2 Nachrichten von Avir


1)
In der Datei 'C:\Users\AnGoe\AppData\Local\Temp\0.8982463739596128.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

2)
In der Datei 'C:\Users\AnGoe\AppData\Local\Temp\0.8982463739596128.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Wie ihr Anhand der Logs (?) sehen könnt, habe ich die Datei gelöscht (oder es zumindest versucht). Eine erneute Suche mit Avir ergab keinen Fund, was laut zahlreicher Internetforen wohl nichts zu bedeuten hat.

Meine Recherche im Internet ergab, dass der Trojaner wohl Passwörter an den Hacker schickt. Eine Neuinstallation wird in den meisten Fällen empfohlen. Es gab aber auch öfters die Nachricht, dass es sich um einen Fehlarlarm seitens Avir handelt.

- Neuaufspielen ist problematisch, da ich einen vorinstallierten Rechner habe, und bereits einige Programme (z.B. ImageJ + plug-ins) installiert habe, bei denen ich Probleme haben werde, diese wieder so schön konfiguriert hinzubekommen, wie sie eben zur Zeit laufen.

Den Hilferufen im Trojaner-Board zu urteilen, ist dieser Trojaner wohl nicht allzu selten.

Meine Fragen an euch lauten:

- ist die Avir-Meldung korrekt oder eine Falschmeldung?

- Wurde der Trojaner entfernt durch Avir? Was kann ich tun um hier sicher zu gehen?

- Muss ich mein System neu installieren (sehr ungern) oder gibt es andere Möglichkeiten

- Welche weiteren Schritte muss ich vornehmen (bin eigentlich ein vorsichtiger Surfer)

Und letzte Frage:

Ich speichere keine Passwörter auf meinem Rechner und lösche nach jedem Online banking meine Privaten Daten.... Muss ich trotzdem sicherheitshalber alle PW ändern und mich gegebenenfalls bei meiner Bank melden?

Puuh, ich hoffe, das war einigermaßen verständlich.

Ich freue mich auf eure Antworten

Vielen Dank im Voraus.

Swisstreasure 16.05.2011 21:08
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Laylow 16.05.2011 23:07
Hallo Swiss,

vielen Dank für deine rasche Antwort. Ich mach mich gleich mal ran

Laylow 16.05.2011 23:07
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6593

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

17.05.2011 00:04:26
mbam-log-2011-05-17 (00-04-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164457
Laufzeit: 7 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\AnGoe\AppData\Local\Temp\0.33319233155083183.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.1305663442157582.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.2996849246483495.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.3531717886170844.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.4755838817407886.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.6278697421971406.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.7536244325821444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.9693267161192914.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\AnGoe\AppData\Local\Temp\0.9824939819579354.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Laylow 16.05.2011 23:20
Schritt 2: OTL

Laylow 16.05.2011 23:37
OTL Logfile:
Code:
OTL logfile created on: 17.05.2011 00:20:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,78 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 36,76 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
 
Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
PRC - [2011.02.28 16:15:30 | 000,427,008 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.18 10:06:44 | 000,215,944 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2009.09.28 17:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.05 09:30:20 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe
PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.04.30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.16 05:29:16 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AnGoe\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.10.26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.08.29 11:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.07.24 12:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 19:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.15 07:45:00 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.06.13 17:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.06.13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.29 02:29:00 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.04.25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 17:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.02.09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.19 20:51:16 | 000,711,472 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2002.03.08 17:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe
PRC - [2002.03.07 13:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.08.24 00:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.24 00:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.09.28 17:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.11.19 20:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.04.30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.10.26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 19:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002.03.08 17:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer)
SRV - [2002.03.07 13:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.02 16:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.23 19:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2009.12.08 20:11:40 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.28 17:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.04.10 10:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt)
DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.19 07:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007.11.28 01:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2007.10.26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.08.08 18:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.28 09:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.17 05:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2007.05.02 13:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 19:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.12 13:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.02.12 13:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.02.12 13:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.02.07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.01 15:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.09.19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 21:03:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 21:03:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.12 21:52:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.10 19:25:23 | 000,000,000 | ---D | M]
 
[2008.08.29 01:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions
[2011.05.04 19:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions
[2011.01.24 20:45:54 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.01.24 20:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.23 10:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009.02.27 11:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.01.24 20:45:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.23 10:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2009.10.22 21:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.01.24 20:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.26 10:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com
[2011.05.16 20:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions
[2010.07.24 23:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.01 22:00:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.09 20:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.09 20:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.08.29 01:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2008.08.29 01:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.03.23 22:59:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.08.01 02:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.11.26 20:26:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.01.11 10:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.30 09:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.09.09 20:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.05.10 21:03:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.05.10 21:03:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 21:03:44 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.10 21:03:44 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.10 21:03:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.10 21:03:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.10 21:03:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.09.18 20:39:59 | 000,331,258 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        Avast | Free Zip Unzip | Enable Java Script | Vim at 0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 11347 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [alphadixxLightS]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488adfcc-07c2-11de-8533-463500000031}\Shell\AutoRun\command - "" = F:\USBNB.exe
O33 - MountPoints2\{8f5a1926-86e4-11df-91df-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\secure32.exe
O33 - MountPoints2\{be2730e1-e347-11de-aa68-463500000031}\Shell - "" = AutoRun
O33 - MountPoints2\{be2730e1-e347-11de-aa68-463500000031}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{eabba07b-c2fc-11df-900e-000000000000}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{eabba07b-c2fc-11df-900e-000000000000}\Shell\verb\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.17 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011.05.17 00:08:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2011.05.16 23:53:56 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Malwarebytes
[2011.05.16 23:53:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.16 23:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.16 23:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.16 23:53:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.16 23:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.09 23:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Sony Media Go Install
[2011.05.09 23:40:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Sony
[2008.10.01 21:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys
[2007.10.28 06:12:48 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.10.28 05:49:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.10.28 05:49:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.10.28 05:49:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.07.04 18:20:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.17 00:18:20 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.17 00:18:20 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.17 00:18:20 | 000,150,694 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.17 00:18:20 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.17 00:12:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.17 00:12:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 00:12:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 00:12:33 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.05.17 00:10:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.17 00:09:17 | 000,037,096 | ---- | M] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat
[2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2011.05.16 23:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.06 18:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm
[2011.01.10 19:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5
[2010.08.24 00:02:15 | 000,025,113 | R--- | C] () -- C:\Windows\System32\cttwty.ini
[2010.08.24 00:02:15 | 000,000,053 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010.08.24 00:02:11 | 000,000,917 | R--- | C] () -- C:\Windows\twtycfg.ini
[2010.08.24 00:02:07 | 000,127,488 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.08.24 00:02:07 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.12.23 22:19:53 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.23 13:04:38 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.08.23 13:04:20 | 000,906,784 | ---- | C] () -- C:\Windows\System32\owl52f.dll
[2009.08.23 13:04:19 | 000,385,024 | ---- | C] () -- C:\Windows\System32\UTILib36.dll
[2009.08.23 13:04:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\EZTW32.DLL
[2009.02.05 17:50:11 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.02.02 09:23:19 | 000,241,664 | ---- | C] () -- C:\Windows\System32\hppapr04.dll
[2009.02.02 09:23:19 | 000,000,647 | ---- | C] () -- C:\Windows\System32\hppapr04.dat
[2009.01.16 02:13:14 | 000,000,680 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat
[2008.12.02 17:02:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.02 17:01:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.02 16:59:18 | 000,370,944 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X64.SYS
[2008.12.02 16:59:18 | 000,310,016 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS
[2008.12.02 16:59:18 | 000,256,000 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C64.SYS
[2008.12.02 16:59:18 | 000,253,824 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C86.SYS
[2008.11.06 16:21:19 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2008.11.06 16:21:19 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2008.11.06 16:21:19 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2008.11.06 16:21:19 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2008.11.06 16:20:39 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2008.11.06 16:20:39 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2008.11.06 16:20:34 | 000,258,048 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2008.11.06 16:20:34 | 000,253,952 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2008.10.01 21:50:37 | 000,087,608 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\inst.exe
[2008.10.01 21:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat
[2008.10.01 21:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf
[2008.08.13 00:42:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.08.13 00:42:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.16 02:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.31 17:46:56 | 000,037,096 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat
[2008.03.31 17:43:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.11 17:16:31 | 000,001,442 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.01.22 19:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.16 01:49:06 | 000,131,072 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.28 15:36:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.10.28 15:36:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.28 15:36:00 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.10.28 06:13:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.10.28 06:13:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.10.28 06:12:48 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.10.28 06:12:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.10.28 05:49:06 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.10.28 05:48:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.07.05 05:31:13 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.05 03:03:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.07.05 03:03:03 | 000,686,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.07.05 03:03:03 | 000,150,694 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.07.05 03:03:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.05 02:54:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.07.04 18:20:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.04 17:32:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007.04.18 11:19:21 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2007.04.18 11:19:21 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2007.04.18 11:19:21 | 000,000,041 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2007.01.19 20:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,413,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,643,612 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,500 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.05.11 06:36:02 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999.12.15 22:16:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\Lpng.dll
 
========== LOP Check ==========
 
[2008.02.11 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\AD ON Multimedia
[2008.11.30 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Desktopicon
[2011.05.16 23:56:20 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\EndNote
[2010.12.05 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\eXPert PDF Editor
[2010.12.05 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Foxit Software
[2008.07.28 05:21:45 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\FrostWire
[2011.01.10 19:35:02 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\GraphPad Software
[2010.08.31 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\gtk-2.0
[2008.03.02 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\ICQ
[2009.01.18 05:56:42 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\IrfanView
[2009.12.07 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\ISI ResearchSoft
[2009.08.10 23:47:54 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Opera
[2011.05.09 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Sony
[2008.05.11 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Thinstall
[2008.01.22 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Thunderbird
[2008.11.30 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Toolbars
[2010.12.25 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Vso
[2011.05.17 00:10:31 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2007.10.28 06:10:21 | 000,003,380 | ---- | M] () -- C:\-20071028.log
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006.11.11 09:41:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.12.28 11:19:27 | 000,044,202 | ---- | M] () -- C:\hpfr5100.log
[2008.01.18 02:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.01.18 02:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.05.17 00:12:26 | 2459,627,520 | -HS- | M] () -- C:\pagefile.sys
[2007.10.17 04:11:16 | 000,008,035 | -HS- | M] () -- C:\Patch.rev
[2007.01.11 02:52:52 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
[2007.07.04 18:38:26 | 000,000,137 | RHS- | M] () -- C:\preload.rev
[2007.04.18 11:19:23 | 000,000,004 | ---- | M] () -- C:\wps.dat
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.04.04 22:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.dll
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.06.26 23:56:17 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.07.28 09:26:42 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.01.24 13:55:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.01.24 13:55:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 16:12:09
 
<          >

< End of report >
--- --- ---

Laylow 16.05.2011 23:41
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.05.2011 00:20:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,78 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 36,76 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
 
Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E77E7F-DE13-4CF6-A9A9-C7578BBBEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{065C9460-F936-4941-AE68-B274DF7C7DF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{0BCDCBD0-43C0-45C9-87F4-F8D1DA30CFA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1EABA1C6-A240-4B2C-AE5C-73C44F2C9F5E}" = rport=139 | protocol=6 | dir=out | app=system |
"{30D6649E-0305-4534-828B-A115E2FF35FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AEB381A-FCF1-4AA7-BF6E-99EE287EF7C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{58F3D252-8911-4F8B-92E9-3F7695D4CCBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{66D87C95-50F0-44BA-9077-0237328C97E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{7260CD35-A51B-498C-B35F-925C8BE4D7C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{810BEBB9-DF61-4BD2-8164-A6FA487EA37B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83527D8B-14B6-4AD9-A943-8EB5970887B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{864BAC36-752E-49DF-B940-7E81517EC749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9214F1D2-107F-4309-8E3B-B0246D092AD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{95D0A141-A248-4A61-B7FB-2AFCEBA208CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2C3D533-203D-4C20-B734-F9750911335D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7DDC671-14A0-48A3-BD01-62F0CE4D4F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC8D1D60-B24F-4E7C-A0B0-6AC9B113061C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1ABFF8A-F46D-4D43-A657-9125B3C1134B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA56E6D4-5D7B-4FDC-B86C-5E87492A83CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4E6236B-3F95-41BE-B004-55918741470A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1176668C-D6A8-46D7-98AE-517791695A56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{139CD6BA-A0ED-408D-859E-8E4B2296C0EF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{269B078E-7E8D-40BE-905E-D2B26944C8D5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{37433D6E-F9AF-488E-869D-7260249F2683}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{379A2A16-EB7D-4024-ABAF-D12DC084EED4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{3CD4282D-7921-4C71-978D-E41E68B02695}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{480EB638-76A7-4094-94EF-1A6B24119727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{587B7E37-A678-4498-9CA0-E63C6776DECC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{5C647CD7-83AD-4093-A523-443F2BFB8334}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{63E6143C-BBB9-41A7-B8A7-CEE8FD8B166F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{71F9E79D-E8E4-42EC-9BD2-20DED870E42F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D45DE3A-904D-486F-817B-78F1E14D91BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CF743434-8C71-42B2-AA26-4C4DDF68C533}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{E4106503-5FA1-4202-A495-A766BF249CAB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E53E6766-5029-4473-B404-6A6B54572DB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5D3B397-3AF7-4627-9968-6AB1B050BFB6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{F7AE5C78-0451-472A-A123-104F8A29C2C2}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{FD876DD9-1355-4B89-92F6-A6CA7A442ACC}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{0EDF04DA-E88A-4B6C-989C-EF369B206E45}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{2092FEA2-0AC6-4C42-9B9D-22C4264BD31A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{36519C4D-1E71-4F2C-BA3F-095C43C767BC}C:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe" = protocol=6 | dir=in | app=c:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe |
"TCP Query User{46A32858-B65F-4F5D-8FDD-100A037A4AA2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{49C2B847-5E39-41EA-9B5A-83A685F6C601}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5A57C19C-C6E8-48C1-8F2B-F125954EDF31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{622C23CC-031B-4F9D-A397-B1326028F1C0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{674ABD60-825A-427B-990A-0ADF184D0636}D:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=d:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe |
"TCP Query User{B521E8E8-5D1F-46AA-B1C1-57EECB91FC68}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{BC14FB45-53C1-4021-988B-E79B71B307D7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{C77AB2D6-3583-428C-924B-70DBE7FCBAD5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CDC6CAF7-59CE-4594-ADE4-FE4166159885}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"UDP Query User{1CE0EC26-B122-4315-B2D7-6FCBA918EE7E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{1FD3C2FF-9BA3-443A-A72A-D0944C610F7B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{568F011F-C88C-429D-BC06-D65DEF3E2B4A}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{60FB7D84-2A2C-413A-8429-5157B4196D64}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{6CE11091-A3E4-49D8-AE2F-9CD8C6DF918E}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{74C9FF21-A374-4809-973B-06673F0427E8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7F3FB675-452C-402F-A532-23FD61FF817E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{852403FE-1A85-4064-945F-13BAED756043}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{8AC756EC-3394-4623-B581-728111992FE8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{8EDDBD09-E12B-4DB5-B366-3BB575FA976C}D:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=d:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe |
"UDP Query User{D6DC60AB-4414-447B-BA47-FB05E95F9F94}C:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe" = protocol=17 | dir=in | app=c:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe |
"UDP Query User{ED7FFC0B-DEB3-41F8-8292-0F4F1472080E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F0122E0-5665-4B91-9C71-85F98E20DCF2}" = Scion Image 4.0.3.2
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1E863F44-2D2D-4BD7-B25B-EDA9FF622267}" = Radiotracker
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 (Trial)
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{487C2D48-A9E3-4F34-92BD-B6A847025C16}" = Free eXPert PDF Reader
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}" = Sound Blaster Play!
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{8DA83EA6-E731-4722-958D-613399AE1031}" = Nero 7 Essentials
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958B08B0-C784-4A77-8D2B-C0A58F1E14B5}" = HP Officejet 6500 E710a-f Hilfe
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BA0BE54D-BB87-4ED4-B5C5-5F7A8CE2B4EA}" = Scion FG Java Package for ImageJ
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BEE7031E-5FC1-4A23-9F86-6D2A9F689E37}" = Sequencher 4.9 Demo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C51975DE-6450-4B3A-908F-5CA91494B1D3}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4E01931-9B3F-49BD-B19B-511000A1E039}" = Samsung PC Studio II 2.0 PIMS & File Manager
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"alphabreaxx" = alphabreaxx
"alphacombixx" = alphacombixx
"alphadixx Light Spanisch" = alphadixx Light Spanisch
"alpharelaxx" = alpharelaxx
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.1.6 (24/12/2010)
"EndNote" = EndNote
"FBDBServer1_is1" = Firebird 1.0.0.796
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foxit Reader" = Foxit Reader
"FrostWire" = FrostWire 4.13.5
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ImageTool" = ImageTool
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Litlink v3.5" = Litlink v3.5
"LManager" = Launch Manager
"MAGIX Filme auf CD & DVD TerraTec Edition D" = MAGIX Filme auf CD & DVD TerraTec Edition 6.0.3.7 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.7" = MiKTeX 2.7
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Office 2007 Word Konverter_is1" = Office 2007 Word Konverter 1.0.1
"OpenVPN" = OpenVPN 2.1_rc15
"Opera 11.10.2092" = Opera 11.10
"PEAK CAN Driver" = PEAK CAN Driver
"Peak Drivers" = Peak Drivers
"PerlPrimer" = PerlPrimer 1.1.16
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"realplex" = realplex
"Recuva" = Recuva
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"REST 2008_is1" = REST 2008 2.0.7
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Slim Mobile USB DVB-T" = Slim Mobile USB DVB-T 1.0.0.29
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spanisch 01" = Spanisch 01
"ST6UNST #1" = Langenscheidts Vokabeltrainer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2011 16:07:17 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:10:07 | Computer Name = menkou | Source = EventSystem | ID = 4609
Description =
 
Error - 16.05.2011 18:13:06 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:13:06 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:14:57 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:14:58 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:14:58 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:14:59 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:15:12 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.05.2011 18:15:12 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 15.05.2011 13:09:19 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.05.2011 18:08:08 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
 
Error - 16.05.2011 12:29:47 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
 
Error - 16.05.2011 12:30:00 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.05.2011 16:05:11 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
 
Error - 16.05.2011 16:06:52 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
 
Error - 16.05.2011 16:07:06 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.05.2011 18:10:05 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
 
Error - 16.05.2011 18:12:35 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
 
Error - 16.05.2011 18:12:55 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---

Laylow 16.05.2011 23:42
Da bin ich ja mal gespannt. Malwarebyte hat ja noch einiges gefunden. :(

Swisstreasure 17.05.2011 01:29
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Laylow 18.05.2011 19:08
hallo swiss,

sorry hat etwas gedauert. schicke dir gleich die combofix log. das meintest du doch mit C:\ComboFix.txt?

Laylow 18.05.2011 19:11
Combofix Logfile:
Code:
ComboFix 11-05-17.03 - AnGoe 18.05.2011  19:40:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.2046.890 [GMT 2:00]
ausgeführt von:: c:\users\AnGoe\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\users\AnGoe\AppData\Roaming\Desktopicon
c:\users\AnGoe\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\AnGoe\AppData\Roaming\inst.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\UNWISE.EXE
c:\windows\system32\zip32.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-18 bis 2011-05-18  ))))))))))))))))))))))))))))))
.
.
2011-05-17 17:02 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBD065B0-1FDE-435C-9C43-3EA713FC3CEF}\mpengine.dll
2011-05-16 21:53 . 2011-05-16 21:53        --------        d-----w-        c:\users\AnGoe\AppData\Roaming\Malwarebytes
2011-05-16 21:53 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 21:53 . 2011-05-16 21:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-16 21:53 . 2011-05-16 21:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-16 21:53 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-16 20:09 . 2011-05-16 20:09        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 07:41 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 19:03 . 2011-05-10 19:03        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-05-10 19:03 . 2011-05-10 19:03        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-10 19:03 . 2011-05-10 19:03        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-10 19:03 . 2011-05-10 19:03        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-05-10 19:03 . 2011-05-10 19:03        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-10 19:03 . 2011-05-10 19:03        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-10 19:03 . 2011-05-10 19:03        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-10 19:03 . 2011-05-10 19:03        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-09 21:40 . 2011-05-09 21:40        --------        d-----w-        c:\program files\Sony Media Go Install
2011-05-09 21:40 . 2011-05-09 21:40        --------        d-----w-        c:\users\AnGoe\AppData\Roaming\Sony
2011-04-28 16:58 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-28 16:58 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr
2011-04-02 14:08 . 2011-04-02 14:08        27632        ----a-w-        c:\windows\system32\drivers\seehcri.sys
2011-03-10 16:12 . 2011-04-15 16:48        1161728        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-15 16:48        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-15 16:48        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-28 16:58        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 16:58        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 16:58        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-28 16:58        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-15 16:48        2040832        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-15 16:48        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-15 16:48        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-15 16:48        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-15 16:48        105984        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-15 16:48        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-15 16:48        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-15 16:48        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-15 16:48        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-15 16:48        71680        ----a-w-        c:\windows\system32\iesetup.dll
2011-02-22 06:16 . 2011-04-15 16:48        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2011-02-22 05:20 . 2011-04-15 16:48        385024        ----a-w-        c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-15 16:48        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-15 16:48        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-02-18 13:31 . 2011-04-15 16:48        304640        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-18 13:31 . 2011-04-15 16:48        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-18 13:31 . 2011-04-15 16:48        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-05-10 19:03 . 2011-05-10 19:03        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26        3908192        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-10-18 11:26        3908192        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VolPanel"="c:\program files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2010-11-18 215944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-4 535336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-18 805392]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-1-20 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9876aa347e0fb;Google Update Service (gupdate1c9876aa347e0fb);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2007-07-17 269056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-23 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GrabsterSeries.X86;GRABSTER SERIES, Service X86;c:\windows\system32\DRIVERS\GrabsterSeries.X86.SYS [2007-11-27 310016]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 twtyfilt;twtyfilt;c:\windows\system32\drivers\twtyfilt.sys [2008-04-10 20480]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [x]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 OODrvled;OODrvled;c:\windows\system32\DRIVERS\OODrvled.sys [2009-09-28 25608]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 O&O DriveLED;O&O DriveLED Service;c:\program files\OO Software\DriveLED\oodlag.exe [2009-09-28 529664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2010-12-23 82304]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-04-02 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://spiegel-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\AnGoe\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\
FF - prefs.js: browser.startup.homepage - tagesschau.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-alphadixxLightS - c:\program files\Alpha Institute\alphadixx Light Spanisch\awlight.exe
AddRemove-alphacombixx - c:\progra~1\ALPHAC~1\UNWISE32
AddRemove-alphadixx Light Spanisch - c:\progra~1\ALPHAI~1\ALPHAD~1\UNWISE32
AddRemove-Audiograbber-Lame - c:\program files\Audiograbber\Lame-Uninstall.exe
AddRemove-PEAK CAN Driver - c:\windows\System32\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-18 19:49
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\AnGoe\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseGuardian]
"ImagePath"="c:\program files\Firebird\bin\ibguard -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseServer]
"ImagePath"="c:\program files\Firebird\bin\ibserver -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-18  19:55:01
ComboFix-quarantined-files.txt  2011-05-18 17:54
.
Vor Suchlauf: 11 Verzeichnis(se), 15.533.711.360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 15.536.119.808 Bytes frei
.
- - End Of File - - FCC536BB22E13BD72F8B1A3683868725
--- --- ---

Laylow 18.05.2011 19:17
kleine Zwischenfrage: wie sieht es denn aus? ist mein rechner stark befallen?

Swisstreasure 18.05.2011 21:38
Er war mit einem Backdoor verseucht. Hier kann man von starke Infiezierung sprechen. Wieso meinst du?

Laylow 18.05.2011 21:52
na, ich dachte, da ist eventuell noch mehr drauf... weis auch nicht...z.b. wie nennt man das noch mal, wenn die ressourcen mehrerer computer für angriffe auf andere missbraucht werden....

ist er denn jetzt wieder "sauber"?

Swisstreasure 18.05.2011 21:55
Du meinst Teil eines BOTNetzes. Aber das schliesse ich aus.

Wie läuft das System mitlerweilen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19