Cyberwolf#1 | 30.09.2012 20:37 | So...
1 Anti-Malware log :
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.29.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
w :: ***** [Administrator]
30.09.2012 05:12:03
mbam-log-2012-09-30 (05-12-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386952
Laufzeit: 1 Stunde(n), 29 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control center (Rogue.ControlCenter) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|agent.exe (Trojan.FraudPack) -> Daten: C:\Dokumente und Einstellungen\w\Anwendungsdaten\pc\agent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firewall Administrating (Trojan.Backdoor) -> Daten: C:\WINDOWS\infocard.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run|Firewall Administrating (Trojan.Backdoor) -> Daten: C:\WINDOWS\infocard.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\WINDOWS\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.Homepage) -> Bösartig: (hxxp://www.postarticles.net) Gut: (hxxp://www.Google.com//) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.Homepage) -> Bösartig: (hxxp://www.postarticles.net) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Temp\wpbt0.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\w\secupdat.dat (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\SVKP.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
2 Defogger log :
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:06 on 30/09/2012 (w)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
3 OTL Logfile: Code:
OTL logfile created on: 30.09.2012 17:25:43 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\w\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,02% Memory free
4,85 Gb Paging File | 4,28 Gb Available in Paging File | 88,22% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 32,38 Gb Free Space | 21,72% Space Free | Partition Type: NTFS
Drive D: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***** | User Name: w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.30 17:25:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\w\Desktop\OTL.exe
PRC - [2012.09.28 03:14:55 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\w\tastylbojozt.exe
PRC - [2012.09.07 19:15:24 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.08 17:24:42 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.11.16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.12.20 20:41:22 | 000,033,792 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
========== Modules (No Company Name) ==========
MOD - [2012.09.28 03:14:55 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\w\tastylbojozt.exe
MOD - [2012.09.07 19:15:24 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.18 10:53:27 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.18 01:50:51 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.18 01:50:39 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.18 01:50:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.05.10 15:37:07 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 15:36:33 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.10.08 17:24:42 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2008.05.14 18:12:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2004.12.20 20:41:22 | 000,033,792 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 19:15:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.08 17:24:42 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.09.12 05:43:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.11.02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\w\LOKALE~1\Temp\sipfltdr.sys -- (sipfltdr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\w\LOKALE~1\Temp\pfsvgae.sys -- (pfsvgae)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\2a3b8.sys -- (2a3b8)
DRV - [2009.11.16 10:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.08.05 16:22:01 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.05 16:22:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007.11.01 08:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.10.23 12:51:04 | 000,103,296 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.07.09 20:00:36 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.11 19:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
DRV - [2005.02.11 19:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001.08.17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {EB27EBC9-BE5F-4E7D-A83D-BDD2E6015798}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0F9766CC-8CBA-43D7-AEEC-9019BBEACDFA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{267F835D-055E-4E56-A67E-C90B2905A6A9}: "URL" = hxxp://go.1und1.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E31756E64312E64652F73756368626F782F616D617A6F6E3F7461673D31756E643169636F6E2D3231266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{2BA4D89E-CCDA-4EAD-9A35-72666CFE9C0D}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{64332E84-E0AF-4F82-AF00-C6D490FD2B6F}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{687D3271-3D43-4268-8EDB-8605AA06E6E4}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{716C87F2-6B8C-4D87-81AD-4165CD699398}: "URL" = hxxp://go.web.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E7765622E64652F73756368626F782F676F6F676C653F713D7B7365617263685465726D737D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{8A7FBE46-5E1A-44AF-867E-F05A75A8A279}: "URL" = hxxp://go.web.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E7765622E64652F73756368626F782F656261793F71756572793D7B7365617263685465726D737D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{D171BB4F-5860-4B02-8EB4-A15E765F09BD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DA5ACE1B-7023-4965-B63E-420AA77288E2}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D38363730333426703D7B7365617263685465726D737D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{EB27EBC9-BE5F-4E7D-A83D-BDD2E6015798}: "URL" = hxxp://go.1und1.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E31756E64312E64652F73756368626F782F31756E643173756368653F73753D7B7365617263685465726D737D&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{F261FB8F-4C1F-4777-ABF9-C3424401FF99}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=69355a56-9568-4f2a-8bee-2ed3c725ca2a&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.86.208:80
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?scope=web&mkt=de-DE"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.1.0
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 19:15:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.11.30 11:04:43 | 000,000,000 | ---D | M]
[2012.02.29 21:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Extensions
[2012.09.20 18:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Firefox\Profiles\7y1e0yk9.default\extensions
[2012.04.21 22:44:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Firefox\Profiles\7y1e0yk9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.20 18:10:33 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Firefox\Profiles\7y1e0yk9.default\extensions\firefox@ghostery.com
[2012.05.28 04:50:24 | 000,010,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Firefox\Profiles\7y1e0yk9.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.07.24 22:30:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Mozilla\Firefox\Profiles\7y1e0yk9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.07 19:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 19:15:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 09:01:10 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://googel.de/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: hxxp://googel.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011.03.30 21:46:00 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\w\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [tastylbojozt] C:\Dokumente und Einstellungen\w\tastylbojozt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\w\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\w\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407BD2F8-260F-449F-BA7C-51E9C2D48358}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.09 09:42:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.10.05 15:11:12 | 003,871,580 | R--- | M] (Macromedia, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.01.06 20:08:48 | 000,000,144 | RH-- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002.07.15 13:41:18 | 000,024,576 | RH-- | M] () - D:\AutoRunMorrowind.exe -- [ UDF ]
O33 - MountPoints2\{14eb4cec-bd7e-11de-9b6a-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{14eb4cec-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14eb4cec-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{14eb4cee-bd7e-11de-9b6a-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{14eb4cee-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14eb4cee-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{14eb4cef-bd7e-11de-9b6a-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{14eb4cef-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14eb4cef-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{14eb4cf0-bd7e-11de-9b6a-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{14eb4cf0-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14eb4cf0-bd7e-11de-9b6a-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{52f279bc-bcd3-11de-9b68-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{52f279bc-bcd3-11de-9b68-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52f279bc-bcd3-11de-9b68-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{52f279bf-bcd3-11de-9b68-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{52f279bf-bcd3-11de-9b68-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52f279bf-bcd3-11de-9b68-001966654e0c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9a4c27b4-cc94-11df-9d06-001966654e0c}\Shell - "" = AutoRun
O33 - MountPoints2\{9a4c27b4-cc94-11df-9d06-001966654e0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4c27b4-cc94-11df-9d06-001966654e0c}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{9ecc1d9a-3be5-11d8-a5fb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9ecc1d9a-3be5-11d8-a5fb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ecc1d9a-3be5-11d8-a5fb-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoPlayStarter.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.30 17:25:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\w\Desktop\OTL.exe
[2012.09.29 16:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Malwarebytes
[2012.09.29 16:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.29 16:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.29 16:30:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.29 16:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.17 05:31:47 | 000,000,000 | ---D | C] -- C:\Breath of Fire II (Europe)
[2012.09.15 22:12:02 | 000,000,000 | ---D | C] -- C:\Terranigma (Germany)
[2012.09.07 19:15:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.08.31 18:26:14 | 000,992,352 | ---- | C] (Solid State Networks) -- C:\Dokumente und Einstellungen\w\Desktop\install_flashplayer11x32_mssd_aih.exe
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.30 17:27:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012.09.30 17:25:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\w\Desktop\OTL.exe
[2012.09.30 17:18:04 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{520E2701-9FE3-429A-A60D-60FB8C0A5785}.job
[2012.09.30 17:15:00 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3588590466-3322274812-248915221-1005UA.job
[2012.09.30 13:15:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.30 13:15:23 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 03:15:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3588590466-3322274812-248915221-1005Core.job
[2012.09.29 19:07:20 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Desktop\zzhyu4kk.exe
[2012.09.29 18:38:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\w\defogger_reenable
[2012.09.29 18:36:59 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Desktop\Defogger.exe
[2012.09.29 16:30:43 | 000,000,801 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.29 16:19:19 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.28 03:14:55 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\w\tastylbojozt.exe
[2012.09.27 13:17:34 | 000,002,377 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Desktop\Google Chrome.lnk
[2012.09.26 02:21:16 | 005,498,680 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro 4.veg
[2012.09.26 02:21:15 | 005,498,680 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro 4.veg.bak
[2012.09.22 06:29:59 | 005,185,240 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 22.veg
[2012.09.22 06:29:57 | 005,185,240 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 22.veg.bak
[2012.09.22 05:37:45 | 000,477,032 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Just for fun1.veg
[2012.09.22 05:18:58 | 000,475,344 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Just for fun1.veg.bak
[2012.09.20 06:15:25 | 000,001,068 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Desktop\Free YouTube to MP3 Converter.lnk
[2012.09.20 02:53:41 | 006,087,832 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part Finish.veg
[2012.09.20 02:53:26 | 006,087,832 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part Finish.veg.bak
[2012.09.19 21:01:38 | 005,912,496 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 222.veg
[2012.09.19 20:51:17 | 005,911,848 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 222.veg.bak
[2012.09.19 04:15:47 | 000,000,972 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Desktop\Free YouTube Download.lnk
[2012.09.15 14:53:14 | 004,852,736 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Ende.veg
[2012.09.15 14:53:10 | 004,852,736 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Ende.veg.bak
[2012.09.11 01:37:57 | 000,017,752 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\3d cube.veg
[2012.09.11 01:28:38 | 000,017,752 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\3d cube.veg.bak
[2012.09.08 03:19:27 | 000,001,456 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.01 00:47:40 | 004,016,472 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 2.veg
[2012.09.01 00:47:39 | 004,016,472 | ---- | M] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 2.veg.bak
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.29 19:07:20 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Desktop\zzhyu4kk.exe
[2012.09.29 18:38:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\w\defogger_reenable
[2012.09.29 18:36:58 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Desktop\Defogger.exe
[2012.09.29 16:30:43 | 000,000,801 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.28 03:15:23 | 000,033,208 | ---- | C] () -- C:\Dokumente und Einstellungen\w\tastylbojozt.exe
[2012.09.20 09:44:51 | 000,477,032 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Just for fun1.veg
[2012.09.20 09:44:51 | 000,475,344 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Just for fun1.veg.bak
[2012.09.19 22:34:48 | 006,087,832 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part Finish.veg.bak
[2012.09.19 22:34:48 | 006,087,832 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part Finish.veg
[2012.09.15 13:50:29 | 004,852,736 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Ende.veg.bak
[2012.09.15 13:50:29 | 004,852,736 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\Ende.veg
[2012.09.11 00:05:07 | 000,017,752 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\3d cube.veg.bak
[2012.09.11 00:05:07 | 000,017,752 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\3d cube.veg
[2012.09.03 14:15:16 | 005,912,496 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 222.veg
[2012.09.03 14:15:16 | 005,911,848 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 222.veg.bak
[2012.09.01 02:54:11 | 005,185,240 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 22.veg.bak
[2012.09.01 02:54:11 | 005,185,240 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Eigene Dateien\My Pro Part 22.veg
[2012.06.06 21:28:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.05.21 05:26:48 | 002,298,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.03.20 08:31:29 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Adobe BMP Format CS5 Prefs
[2011.12.14 04:17:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ZENOTE_Blur.INI
[2011.10.01 02:09:53 | 001,651,282 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-3588590466-3322274812-248915221-1005-0.dat
[2011.10.01 02:09:52 | 000,259,914 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.07.31 03:19:49 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2011.05.01 05:58:32 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 11.0 Prefs
[2011.01.10 00:27:40 | 000,732,248 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2010.10.31 23:39:13 | 000,695,642 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010.10.31 23:39:13 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2010.10.31 23:39:13 | 000,001,784 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010.10.22 21:52:22 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\NBKey 2.exe
[2005.06.25 17:20:47 | 000,229,376 | ---- | C] () -- C:\Dokumente und Einstellungen\w\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2008.05.14 16:49:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009.11.30 11:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2010.12.30 14:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2011.09.30 00:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2011.01.26 21:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.11.23 21:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2012.08.27 13:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2011.07.31 01:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.05.13 21:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.02.24 04:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.11.23 21:12:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\1&1
[2010.02.09 21:58:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\AnvSoft
[2011.02.24 14:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Auslogics
[2012.09.29 02:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\bsnes
[2011.07.30 23:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.08.06 20:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.10.28 00:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\DesktopIconForAmazon
[2012.09.20 06:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\DVDVideoSoft
[2012.09.19 04:15:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.22 01:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\FreeFLVConverter
[2012.09.30 17:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\ICQ
[2010.04.07 20:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Leadertech
[2009.03.15 17:35:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\monsterz
[2010.05.28 23:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\OCS
[2010.05.28 23:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Opera
[2008.04.01 16:55:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Petroglyph
[2010.02.06 13:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Publish Providers
[2008.04.01 21:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Sierra Entertainment
[2011.07.09 13:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Sony
[2010.04.06 10:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Sony Creative Software
[2010.09.30 15:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Sony Setup
[2006.11.14 11:52:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\Sudeki
[2010.04.03 23:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\TeamViewer
[2011.10.28 00:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\w\Anwendungsdaten\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07BF512B
< End of report > --- --- ---
--- --- ---
3 OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 29.09.2012 18:54:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\w\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,39% Memory free
4,85 Gb Paging File | 4,10 Gb Available in Paging File | 84,49% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 4,86 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
Drive D: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 931,28 Gb Total Space | 644,59 Gb Free Space | 69,21% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58535:TCP" = 58535:TCP:*:Enabled:Pando Media Booster
"58535:UDP" = 58535:UDP:*:Enabled:Pando Media Booster
"56391:TCP" = 56391:TCP:*:Enabled:Pando Media Booster
"56391:UDP" = 56391:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Enabled:Port
"58535:TCP" = 58535:TCP:*:Enabled:Pando Media Booster
"58535:UDP" = 58535:UDP:*:Enabled:Pando Media Booster
"56391:TCP" = 56391:TCP:*:Enabled:Pando Media Booster
"56391:UDP" = 56391:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMGR.EXE" = C:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm)
"C:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Programme\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
"C:\Programme\Battlefield 1942\BF1942.exe" = C:\Programme\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"C:\Programme\Microsoft Games\Dungeon Siege\DungeonSiege.exe" = C:\Programme\Microsoft Games\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\Programme\Microsoft Games\Dungeon Siege\DSLOA.exe" = C:\Programme\Microsoft Games\Dungeon Siege\DSLOA.exe:*:Enabled:Dungeon Siege: Legends of Aranna Game Executable
"C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer
"C:\SIERRA\EE-ZDE\EE-AOC.exe" = C:\SIERRA\EE-ZDE\EE-AOC.exe:*:Enabled:EE-AOC
"C:\Programme\JoWooD\Die Gilde\gilde.exe" = C:\Programme\JoWooD\Die Gilde\gilde.exe:*:Enabled:gilde
"C:\Programme\JoWooD\SpellForce\SpellForce.exe" = C:\Programme\JoWooD\SpellForce\SpellForce.exe:*:Enabled:SpellForce - Platinum Edition spielen -- ()
"C:\Programme\DreamCatcher\Etherlords II\Etherlords2.exe" = C:\Programme\DreamCatcher\Etherlords II\Etherlords2.exe:*:Enabled:Etherlords 2 main executable file
"C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
"C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\EA GAMES\Command & Conquer Die ersten 10 Jahre\Command & Conquer Red Alert(tm) II\AR2\game.exe" = C:\Programme\EA GAMES\Command & Conquer Die ersten 10 Jahre\Command & Conquer Red Alert(tm) II\AR2\game.exe:*:Enabled:Main executable for Red Alert 2
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II
"C:\Unreal Anthology\UT2004\System\UT2004.exe" = C:\Unreal Anthology\UT2004\System\UT2004.exe:*:Enabled:UT2004
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Programme\EA GAMES\MOHAA\moh_Breakthrough.exe" = C:\Programme\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough
"C:\Programme\EA GAMES\MOHAA\MOHAA.exe" = C:\Programme\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Programme\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Programme\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Programme\JoWooD\SpellForce 2 Shadow Wars\spellforce2.exe" = C:\Programme\JoWooD\SpellForce 2 Shadow Wars\spellforce2.exe:*:Enabled:spellforce2
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Dokumente und Einstellungen\w\Eigene Dateien\Downloads\IM65223.JPG-www.myspace.com.exe" = C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating
"C:\Dokumente und Einstellungen\w\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\w\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\w\Desktop\Gamecupe\Emulator\Win32\Dolphin.exe" = C:\Dokumente und Einstellungen\w\Desktop\Gamecupe\Emulator\Win32\Dolphin.exe:*:Disabled:Dolphin
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe" = C:\Programme\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Disabled:Adobe After Effects CS4 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\w\Desktop\Hitachi übertragung\dolphin-3.0-win32\Dolphin.exe" = C:\Dokumente und Einstellungen\w\Desktop\Hitachi übertragung\dolphin-3.0-win32\Dolphin.exe:*:Disabled:Dolphin -- ()
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4629 Banner Remover 1.0
"{0C0AE701-05A6-4CFD-971D-CF5EF446108B}" = ESET NOD32 Antivirus
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D938959-9CBC-4856-B560-A23DF52266B7}" = Acer MP3 Flash Stick
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2184D9EA-4E5B-43FD-914E-4563CF028C94}" = MetalGearSolid2 Substance
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CC41E6-A4F5-448E-97DC-A9F254193EC7}" = Zenoté Blur for Vegas
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C40E19E-176A-4B42-AD7B-C472AEC6704F}" = Zenoté Letterbox for Vegas
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C0756682-E278-4A92-A327-9FEDEEDFE3C7}" = Zenoté Random for Vegas
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D428F260-DF6E-4D5A-9C8D-5C45CC209FAD}" = Zenoté Grain for Vegas
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E09EAA-0FF8-42A1-ACAB-67F2A691E50F}" = Guild 2 Patch
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A15FE0-A67B-4E05-853A-46851EAEFBF0}" = Zenoté Glow for Vegas
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.20)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Audacity_is1" = Audacity 1.2.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Control center" = Control center
"CycoreFX HD 1.6.1 for After Effects" = CycoreFX HD 1.6.1 for After Effects
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DivX Setup" = DivX-Setup
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.0.0526
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"G3QP231012008_is1" = Questpaket 4 Update 1 Deinstallation
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Light Effects for Windows" = NewBlue Light Effects for Windows
"NewBlue Motion Blends" = NewBlue Motion Blends
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NewBlue Video Essentials 1.0 for Windows" = NewBlue Video Essentials 1.0 for Windows
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PluginPac" = DebugMode PluginPac (remove only)
"SearchAnonymizer" = SearchAnonymizer
"SpellForce" = SpellForce
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Starglow" = Trapcode Starglow
"Trapcode Starglow AVX" = Trapcode Starglow AVX
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2012 08:59:47 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung morrowind.exe, Version 1.6.0.1820, fehlgeschlagenes
Modul morrowind.exe, Version 1.6.0.1820, Fehleradresse 0x0018bf63.
Error - 14.09.2012 22:13:31 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vegas90.exe, Version 9.0.0.896, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.09.2012 01:37:07 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.09.2012 01:37:09 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.09.2012 05:20:21 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.09.2012 05:20:23 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.09.2012 05:20:25 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.09.2012 21:15:25 | Computer Name = ***** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 27.09.2012 21:15:25 | Computer Name = ***** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 28.09.2012 20:34:15 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung snes9x.exe, Version 1.5.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 29.09.2012 02:13:11 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:11 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 29.09.2012 02:13:12 | Computer Name = ***** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
< End of report > --- --- ---
4 GMER Log
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-30 20:49:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e WDC_WD1600JD-22HBB0 rev.08.02D08
Running: zzhyu4kk.exe; Driver: C:\DOKUME~1\w\LOKALE~1\Temp\fgtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT 89CF6C90 ZwAssignProcessToJobObject
SSDT 89CF7200 ZwDebugActiveProcess
SSDT 89CF72F0 ZwDuplicateObject
SSDT 89CF6590 ZwOpenProcess
SSDT 89CF6800 ZwOpenThread
SSDT 89CF6FD0 ZwProtectVirtualMemory
SSDT 89CF70E0 ZwQueueApcThread
SSDT 89CF6EC0 ZwSetContextThread
SSDT 89CF6D90 ZwSetInformationThread
SSDT 89CF3DA0 ZwSetSecurityObject
SSDT 89CF6B90 ZwSuspendProcess
SSDT 89CF6A80 ZwSuspendThread
SSDT 89CF66E0 ZwTerminateProcess
SSDT 89CF6A50 ZwTerminateThread
SSDT 89CF76D0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.sfrelocÿÿÿÿsfsync04unknown last section [0xF74F5000, 0xBC6, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF74F5000, 0xBC6, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8EC0380, 0x346307, 0xE8000020]
.text C:\WINDOWS\system32\drivers\SSHDRV86.sys section is writeable [0xB6076000, 0x26354, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV86.sys entry point in ".pklstb" section [0xB60AB000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV86.sys unknown last section [0xB60C2000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB450B300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB501A300, 0x1BCE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1072] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
? C:\WINDOWS\system32\svchost.exe[2712] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\00000075 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\0000007a sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\0000007b sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\0000007c sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\0000007d sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
---- EOF - GMER 1.0.15 ---- --- --- ---
Das sollte alles sein...
Vielen dank für die Geduld und Hilfe,weiß ich zu schätzen:daumenhoc |