|
mbam Trojaner gefunden Hallöchen, antivir hat heut beim surfen einen virus gefunden, darauf hin hab ich mit mbam gescannt und es wurde ein trojaner gefunden. ich bin deshalb jetz im abgesicherten modus und wollte die geforderten logfiles erstellen, jedoch stürzt gmer immer wieder ab. also hier sin nur die OTL files. Kann mir bitte jemand helfen?!? Danke VG LOLA OTL.txt OTL logfile created on: 22.01.2012 22:42:45 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,68% Memory free 4,21 Gb Paging File | 3,87 Gb Available in Paging File | 91,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,11 Gb Total Space | 14,81 Gb Free Space | 10,57% Space Free | Partition Type: NTFS Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.05 08:26:56 | 003,070,944 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.09.23 14:35:34 | 001,086,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.03 10:05:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.11 19:30:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2011.04.28 16:53:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.07.05 18:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2012.01.22 21:05:36 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Lola\AppData\Local\Temp\00000f99.nmc\nse\bin\nsak.sys -- (nsak_8800D5EA) DRV - [2011.08.12 14:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.07.03 10:05:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.03 10:05:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.07.07 01:10:36 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.06.30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.27 18:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.16 01:17:13 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.24 18:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.04.20 01:01:10 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.20 01:01:10 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.03.01 15:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.02.13 18:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 55 40 99 EF B1 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 16:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 20:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.17 10:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\ [2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions [2012.01.09 17:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions [2012.01.09 17:47:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.07.16 12:30:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 17:46:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.01 09:48:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com [2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml [2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml [2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml [2011.11.25 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.01.02 20:22:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.12 20:36:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.21 11:08:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.01.02 20:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 20:22:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.02 20:22:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 20:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 20:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 20:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} Hosts file not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Free YouTube Download - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control) O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33FE9BC3-FC54-4248-B154-2B975A9721AA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D3B9EF-A0AB-41E2-979F-2C01C0F80089}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\PROGRA~1\ArcSoft\MAGIC-~1\MAGIC-~1.EXE - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe - (Acresso Software Inc.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdVantage Setup - hkey= - key= - File not found MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - File not found MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: fssui - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: MBBalloon - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.22 22:08:29 | 000,100,864 | ---- | C] (GMER) -- C:\kxldapow.sys [2012.01.22 21:23:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe [2012.01.14 14:41:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.11 17:03:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 17:03:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 17:02:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 17:02:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 17:02:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\pdfforge [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.01.04 17:27:54 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.01.04 17:27:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.01.04 17:27:51 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2012.01.04 17:27:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.01.04 17:27:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.01.04 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.22 22:39:49 | 003,932,160 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT [2012.01.22 22:15:44 | 000,002,032 | ---- | M] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2012.01.22 22:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.22 22:12:24 | 131,775,807 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.22 22:08:29 | 000,100,864 | ---- | M] (GMER) -- C:\kxldapow.sys [2012.01.22 21:53:17 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job [2012.01.22 21:41:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.22 21:41:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.22 21:41:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.22 21:41:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012.01.22 21:40:42 | 000,524,288 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.01.22 21:40:42 | 000,065,536 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.01.22 21:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Lola\defogger_reenable [2012.01.22 21:24:07 | 000,302,592 | ---- | M] () -- C:\Users\Lola\Desktop\40rble00.exe [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe [2012.01.22 21:22:50 | 000,050,477 | ---- | M] () -- C:\Users\Lola\Desktop\Defogger.exe [2012.01.22 17:12:42 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.22 16:39:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.21 20:59:33 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job [2012.01.20 09:09:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.20 09:04:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.01.20 09:04:16 | 000,155,136 | ---- | M] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.20 09:00:31 | 001,453,716 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012.01.20 09:00:31 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.20 09:00:31 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.20 09:00:31 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.20 09:00:31 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.17 20:53:04 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk [2012.01.17 20:37:06 | 000,225,123 | ---- | M] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.15 15:15:18 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI [2012.01.14 17:40:40 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk [2012.01.07 11:55:13 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk [2012.01.04 17:18:22 | 000,001,899 | ---- | M] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.22 22:05:50 | 131,775,807 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.22 21:25:35 | 000,000,000 | ---- | C] () -- C:\Users\Lola\defogger_reenable [2012.01.22 21:23:55 | 000,302,592 | ---- | C] () -- C:\Users\Lola\Desktop\40rble00.exe [2012.01.22 21:22:57 | 000,050,477 | ---- | C] () -- C:\Users\Lola\Desktop\Defogger.exe [2012.01.22 17:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.17 20:37:02 | 000,225,123 | ---- | C] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.04 17:27:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.04 17:15:10 | 000,001,899 | ---- | C] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2011.12.03 19:47:04 | 000,000,036 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\blckdom.res [2011.05.02 18:14:53 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI [2011.03.16 15:10:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.16 15:10:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.16 15:10:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.16 15:10:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.16 15:10:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll [2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI [2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.21 16:43:20 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI [2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2008.06.05 17:03:49 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.31 13:34:24 | 000,000,013 | ---- | C] () -- C:\Windows\vbaddin.ini [2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png [2007.12.28 21:31:27 | 000,155,136 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.28 21:31:25 | 000,136,864 | ---- | C] () -- C:\Users\Lola\AppData\Local\GDIPFONTCACHEV1.DAT [2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 16:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,454,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 001,453,716 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 11:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 11:23:31 | 000,000,240 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL [1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite [2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft [2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook [2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit [2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant [2011.06.11 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ [2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar [2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo [2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock [2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech [2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics [2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX [2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge [2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw [2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish [2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics [2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp [2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird [2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs [2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems [2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm [2012.01.22 21:06:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.12.28 21:32:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.19 12:19:49 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2009.12.22 21:36:32 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.14 15:18:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.09.08 02:23:26 | 000,000,000 | ---D | M] -- C:\Documentation [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.08.13 13:08:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.11.09 23:04:10 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2007.09.08 01:56:14 | 000,000,000 | -H-D | M] -- C:\InstantON [2009.12.23 10:31:00 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.01.04 17:27:51 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.22 21:02:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.08.13 13:08:31 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.22 21:49:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.10 15:30:16 | 000,000,000 | ---D | M] -- C:\Update [2008.07.12 22:33:29 | 000,000,000 | R--D | M] -- C:\Users [2007.09.08 02:33:46 | 000,000,000 | -H-D | M] -- C:\WAUUPGRD [2012.01.22 22:12:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.01.02 11:16:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.01.02 11:16:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-20 16:02:12 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB10488$] -> Error: Cannot create file handle -> Unknown point type < End of report > |
Hier noch die Extras.txtOTL EXTRAS Logfile: Code: OTL Extras logfile created on: 22.01.2012 22:42:45 - Run 5 |
Zitat:
Dafür antwortest du dir hier selbst und postest sogar Logs im Erinnerungsstrang :stirn: :balla: Ohne die Logs von Malwarebytes und Co wird das hier nichts. :glaskugel: Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
ja..., wie gesagt es tut mir sehr leid. ich habe selber auch gemerkt das ich vieles falsch gemacht habe, jedoch immer erst kurz danach, wie zB auch das mit dem Code-Tags. Ich hoffe du kannst mir trotzdem helfen. Hier die ganzen Logfiles: Code: Malwarebytes Anti-Malware 1.60.0.1800Code: OTL Extras logfile created on: 25.01.2012 16:59:25 - Run 6Code: OTL logfile created on: 25.01.2012 16:59:25 - Run 6PS: Ich musste meinen Beitrag trennen, denn bei der anzahl an logfiles hat sich mein FF aufgehangen. |
Code: 21:14:05.0692 1368 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04Code: Emsisoft Anti-Malware - Version 6.0 |
Und das Log von AntiVir ist wo? |
ich hätte auch noch einen logfile von dr.web zu bieten, jedoch ist der selbst gezipt immer noch zu groß um ihn hochzuladen! also keine ahnung...???? |
von antivir habe ich kein logfile, da ich damit gar nicht gescannt habe. es hat nur während ich gesurft habe, angezeigt das 2 trojaner gefunden wurden und gescannt habe ich dann mit den ganzen anderen programmen. und in zwischen hab ich es auch deinstalliert, da ich gelesen habe das MSE besser sein soll! |
Dann isses so. Emsisoft Anti-Malware - Version 6.0 bitte deinstallieren. Führe im Anschluss ESET aus, danach sehen wir weiter: ESET Online Scanner
|
Code: ESETSmartInstaller@High as downloader log: |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
hier der geforderte logfile Code: OTL logfile created on: 29.01.2012 19:20:29 - Run 7 |
Zitat:
Ich würde dir erstmal für den Fall der Fälle eine Datensicherung empfehlen und dich darauf vorzubereiten, eine komplette Neuinstallation von Windows durchzuführen, den ZA kann man nämlich nicht immer per Bereinigung entfernen! Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen. Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen. Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch. 1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein 2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows 3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist http://partedmagic.com/lib/exe/fetch...ia=desktop.png 4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken 5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind) 6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!! 7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten) Wenn du dir sicher bist, dass du auch alle Daten unter Linux gesichert hast, führst du mal Combofix aus: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
|
ich werde die datensicherung anfang kommender woche durchführen, da ich mir erstmal eine externe festplatte organisieren muss, aber hab da schon eine idee. hab grad auch mal im netz gesucht was zero access so macht. hab dazu zwar nix gefunden (vllt kannst du es mir verraten?), aber hab da was von bitdefender gelesen, das diesen rootkit löschen soll. vllt bringt das ja was??? ach ja und noch was anderes..., muss ich angst haben, dass etwaige usb sticks, die an meinem laptop waren auch infiziert sind bzw. anderen laptops mit denen ich in verbinung stand??? |
Zitat:
Zudem sollte man immer eine Sicherung seiner Daten haben falls was schiefgeht und das System völlig zerstört wurde. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:34 Uhr. |
Copyright ©2000-2025, Trojaner-Board
