Home » Viren, Trojaner & Malware Forum » PC arbeitet sehr langsam/verzögert, Verdacht auf Trojaner » Themenansicht

PC arbeitet sehr langsam/verzögert, Verdacht auf Trojaner
#0
15.08.2010, 14:54
Netter
Member

Beiträge: 16
#1 Hallo,

ich habe schon seit einigen Wochen das Problem, dass mein PC sehr langsam und verzögert arbeitet. Das Abspielen von CDs/DVDs ist schier unmöglich geworden. Ich habe mit meinem Antiviruspogramm Kaspersky mehrmals das System gescannt, doch es wurde nichts gefunden.
Im folgenden poste ich die beiden Logfiles.

Vielen Dank für die Hilfe.

Gruß,
Netter
Seitenanfang Seitenende
15.08.2010, 14:58
Netter
Member

Themenstarter

Beiträge: 16
#2

Code


OTL logfile created on: 15.08.2010 13:36:34 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Johannes\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 64,89 Gb Free Space | 27,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,04 Gb Total Space | 3,87 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETTER
Current User Name: Johannes
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Dokumente und Einstellungen\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\MiserWare\Granola\granola.exe ()
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\Diamondback\razerhid.exe ()
PRC - C:\Programme\Razer\Diamondback\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Razer\Diamondback\razertra.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Dokumente und Einstellungen\Johannes\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (Monfilt) -- C:\WINDOWS\System32\drivers\Monfilt.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Ambfilt) -- C:\WINDOWS\System32\drivers\Ambfilt.sys File not found
DRV - (speccy) -- C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Temp\864a4d2f-cb3f-426c-967e-038f054c894b (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..keyword.URL: "http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 20:10:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.06 14:13:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.28 01:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.28 01:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.02 11:53:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.07.04 22:45:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.05.06 16:29:55 | 000,000,000 | ---D | M]
 
[2009.05.06 16:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Extensions
[2010.08.10 11:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions
[2010.04.28 11:55:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.23 22:29:24 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.12 19:56:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.25 17:14:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.09 18:07:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.05.14 15:36:43 | 000,002,399 | ---- | M] () -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\searchplugins\daemon-search.xml
[2008.12.12 20:23:54 | 000,002,158 | ---- | M] () -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\searchplugins\MySpace.xml
[2010.08.11 22:41:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.23 13:02:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Diamondback] C:\Programme\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Granola] C:\Programme\MiserWare\Granola\granola.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Johannes\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Johannes\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.05 20:41:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.08.15 13:01:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Johannes\Recent
[2010.08.15 12:35:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Johannes\Desktop\OTL.exe
[2010.08.14 13:24:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare
[2010.08.07 16:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\OpenOffice.org
[2010.08.07 16:32:39 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.08.07 16:32:33 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2010.08.02 12:07:49 | 000,000,000 | ---D | C] -- C:\Programme\pdf24
[2010.07.20 18:25:20 | 000,000,000 | ---D | C] -- C:\Programme\Speccy
[2010.07.20 18:24:35 | 000,000,000 | ---D | C] -- C:\Programme\MiserWare
[2010.07.20 18:24:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\MiserWare
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.08.15 14:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.15 13:31:34 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.15 13:31:33 | 000,200,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.08.15 13:31:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.15 13:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.15 13:29:30 | 009,175,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\Johannes\NTUSER.DAT
[2010.08.15 13:29:30 | 004,799,008 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.08.15 13:29:30 | 000,860,192 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010.08.15 13:29:30 | 000,040,668 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.08.15 13:29:30 | 000,006,116 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010.08.15 12:35:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Johannes\Desktop\OTL.exe
[2010.08.14 22:29:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.14 11:44:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.13 00:40:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Johannes\ntuser.ini
[2010.08.12 12:06:29 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 22:42:15 | 001,057,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.11 22:42:15 | 000,469,810 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.11 22:42:15 | 000,453,090 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.11 22:42:15 | 000,088,798 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.11 22:42:15 | 000,075,840 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.08 10:40:41 | 000,078,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.07 16:35:42 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\Johannes\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
[2010.08.01 16:57:44 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.29 18:27:31 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.07.29 18:27:31 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.07.29 01:05:59 | 001,577,068 | -H-- | M] () -- C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.08.07 16:35:42 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Johannes\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
[2010.06.07 15:06:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.06.07 14:57:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010.02.21 01:21:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010.02.12 17:30:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010.01.31 18:15:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.10.03 17:27:11 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.10.03 17:27:11 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.10.03 17:27:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.10.01 18:05:29 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2009.09.23 18:54:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.23 18:54:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.23 17:36:48 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.08.09 21:19:16 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.08.09 21:19:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.07.29 08:35:54 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.06.25 07:08:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.25 07:07:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.25 07:07:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.25 07:07:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.06.09 08:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009.05.13 00:21:26 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.05.11 23:49:49 | 000,000,336 | ---- | C] () -- C:\WINDOWS\ImgTool.INI
[2009.05.06 22:21:47 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.10.07 13:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.10.07 13:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 13:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.10.07 13:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.10.07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009.11.07 15:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.03.28 13:55:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Degener
[2009.05.31 20:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2009.05.25 21:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2009.08.09 21:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.06.28 19:42:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2009.05.31 13:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.05.26 19:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zoom Player
[2010.04.02 11:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.11 16:56:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.06 18:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.05.14 19:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\DAEMON Tools
[2009.05.14 19:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\DAEMON Tools Lite
[2009.05.14 19:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\DAEMON Tools Pro
[2010.03.28 13:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Degener
[2010.03.28 13:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Ebner
[2010.05.26 19:39:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Hide IP NG
[2010.05.13 09:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\ICQ
[2010.07.20 18:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\MiserWare
[2010.08.07 16:35:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\OpenOffice.org
[2009.05.25 21:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Publish Providers
[2009.05.06 16:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\RouterControl
[2010.02.15 18:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Sierra Entertainment
[2009.05.27 12:38:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Sony
[2009.10.01 18:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Steinberg
[2009.05.06 16:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Thunderbird
[2009.08.09 21:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Ubisoft
[2009.05.24 18:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\uTorrent
[2010.06.28 19:11:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Vso
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >
Seitenanfang Seitenende
15.08.2010, 14:59
Netter
Member

Themenstarter

Beiträge: 16
#3

Code


OTL Extras logfile created on: 15.08.2010 13:36:43 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Johannes\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 64,89 Gb Free Space | 27,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,04 Gb Total Space | 3,87 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETTER
Current User Name: Johannes
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Burn With ImgTool...] -- C:\Programme\ImgTool Burn\ImgTool.exe -c -d "%l" (CouJo)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Dokumente und Einstellungen\Johannes\Eigene Dateien\ICQ\325472877\ReceivedFiles\191373853 M. Werner\Age of Mythology\Age of Mythology\AoM.eXe" = C:\Dokumente und Einstellungen\Johannes\Eigene Dateien\ICQ\325472877\ReceivedFiles\191373853 M. Werner\Age of Mythology\Age of Mythology\AoM.eXe:*:Enabled:Age of Mythology -- File not found
"C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- File not found
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\MySpace\IM\MySpaceIM.exe" = C:\Programme\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Steam\steamapps\steam_whatthehell\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\steam_whatthehell\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\CryptLoad\RouterClient.exe" = C:\Programme\CryptLoad\RouterClient.exe:*:Enabled:RouterClient -- (http://cryptload.info)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F71DBA-38D0-D6C4-DF6C-335C37091031}" = Nero 7 Demo
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B47287E-335F-4C02-BDCC-D4F237002673}" = Granola
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0d
"{97368464-B643-422D-A496-29B409988488}_is1" = TFM Audio Tool 1.0.9.1 Beta
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}" = Steinberg Cubase Studio 4
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = DieSims™3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"ASIO4ALL" = ASIO4ALL
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CloneDVD2" = CloneDVD2
"DCoder Image Source" = DCoder Image Source (remove only)
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free Studio_is1" = Free Studio version 4.2
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"iTunesKeys_is1" = iTunesKeys v1.55
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"ratDVD" = ratDVD 0.78.1444
"RealAlt_is1" = Real Alternative 1.7.5
"RealPlayer 6.0" = RealPlayer
"RM Converter_is1" = RM Converter 4.28
"RouterControl" = RouterControl 1.91
"Shop for HP Supplies" = Shop for HP Supplies
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Speccy" = Speccy
"Steam App 10" = Counter-Strike
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The FilmMachine_is1" = The FilmMachine 1.6.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomPlayer" = Zoom Player (remove only)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 15.07.2010 10:09:22 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:21:27 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:36:53 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:52:07 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:58:00 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0f4a10cf.
 
Error - 15.07.2010 10:59:25 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 17.07.2010 10:34:29 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
 Modul hpqusg.dll, Version 100.0.170.0, Fehleradresse 0x00026418.
 
Error - 15.08.2010 06:39:39 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.08.2010 07:01:39 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.08.2010 07:29:16 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 15.07.2010 10:09:22 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:21:27 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:36:53 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:52:07 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 15.07.2010 10:58:00 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0f4a10cf.
 
Error - 15.07.2010 10:59:25 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul services.exe, Version 5.1.2600.5755, Fehleradresse 0x000097b0.
 
Error - 17.07.2010 10:34:29 | Computer Name = NETTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
 Modul hpqusg.dll, Version 100.0.170.0, Fehleradresse 0x00026418.
 
Error - 15.08.2010 06:39:39 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.08.2010 07:01:39 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.08.2010 07:29:16 | Computer Name = NETTER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.9.1, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 15.08.2010 07:36:57 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:07 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:18 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:29 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:39 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:49 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:37:59 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:38:09 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:38:19 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.08.2010 07:38:29 | Computer Name = NETTER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
Seitenanfang Seitenende
15.08.2010, 16:10
virenfinder
Member

Beiträge: 3716
#4 bitte erstelle und poste ein combofix log.
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
Seitenanfang Seitenende
16.08.2010, 00:33
Netter
Member

Themenstarter

Beiträge: 16
#5

Code


ComboFix 10-08-14.06 - Johannes 15.08.2010  20:59:12.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1448 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Johannes\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-15 bis 2010-08-15  ))))))))))))))))))))))))))))))
.

2010-08-14 11:24 . 2010-08-14 11:24    --------    d-----w-    c:\programme\Gemeinsame Dateien\BioWare
2010-08-09 08:12 . 2010-08-09 08:12    503808    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-43e0b8ab-n\msvcp71.dll
2010-08-09 08:12 . 2010-08-09 08:12    499712    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-43e0b8ab-n\jmc.dll
2010-08-09 08:11 . 2010-08-09 08:12    348160    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-43e0b8ab-n\msvcr71.dll
2010-08-09 08:11 . 2010-08-09 08:11    61440    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5b340aa3-n\decora-sse.dll
2010-08-09 08:11 . 2010-08-09 08:11    12800    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5b340aa3-n\decora-d3d.dll
2010-08-07 14:35 . 2010-08-07 14:35    1    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 14:35 . 2010-08-07 14:35    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\OpenOffice.org
2010-08-07 14:32 . 2010-08-07 14:32    --------    d-----w-    c:\programme\JRE
2010-08-07 14:32 . 2010-08-07 14:32    --------    d-----w-    c:\programme\OpenOffice.org 3
2010-08-02 10:07 . 2010-08-02 10:08    --------    d-----w-    c:\programme\pdf24
2010-07-20 16:25 . 2010-07-20 16:25    --------    d-----w-    c:\programme\Speccy
2010-07-20 16:24 . 2010-07-20 16:24    --------    d-----w-    c:\programme\MiserWare
2010-07-20 16:24 . 2010-07-20 16:24    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\MiserWare

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 18:56 . 2009-05-06 14:29    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-08-15 18:52 . 2009-05-06 14:29    860192    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
2010-08-15 18:52 . 2009-05-06 14:29    6116    --sha-w-    c:\windows\system32\drivers\fidbox2.idx
2010-08-15 18:52 . 2009-05-06 14:29    4799008    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2010-08-15 18:52 . 2009-05-06 14:29    40668    --sha-w-    c:\windows\system32\drivers\fidbox.idx
2010-08-15 14:22 . 2009-05-06 14:35    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\ICQ
2010-08-15 13:50 . 2009-05-06 14:54    --------    d-----w-    c:\programme\Mozilla Thunderbird
2010-08-15 13:37 . 2009-08-31 15:49    --------    d-----w-    c:\programme\Diablo II
2010-08-14 10:13 . 2009-08-28 22:17    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\vlc
2010-08-11 20:43 . 2009-05-14 09:52    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-11 20:42 . 2002-08-29 12:00    88798    ----a-w-    c:\windows\system32\perfc007.dat
2010-08-11 20:42 . 2002-08-29 12:00    469810    ----a-w-    c:\windows\system32\perfh007.dat
2010-08-08 08:40 . 2009-05-06 14:45    78176    ----a-w-    c:\dokumente und einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-02 17:08 . 2009-07-31 14:53    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\teamspeak2
2010-07-30 15:59 . 2009-05-05 20:28    98304    ----a-w-    c:\windows\DUMP360f.tmp
2010-07-29 16:27 . 2009-05-06 14:30    97549    ----a-w-    c:\windows\system32\drivers\klick.dat
2010-07-29 16:27 . 2009-05-06 14:30    113933    ----a-w-    c:\windows\system32\drivers\klin.dat
2010-07-23 20:23 . 2009-05-06 15:06    --------    d-----w-    c:\programme\CryptLoad
2010-06-30 12:28 . 2008-04-14 05:52    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-28 17:42 . 2010-06-28 17:42    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\vsosdk
2010-06-28 17:11 . 2010-06-28 17:11    --------    d-----w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Vso
2010-06-28 17:11 . 2010-06-28 17:11    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2010-06-28 17:11 . 2010-06-28 17:11    47360    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\pcouffin.sys
2010-06-28 17:11 . 2010-06-28 17:11    47360    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\pcouffin.sys
2010-06-28 17:11 . 2010-06-28 17:11    --------    d-----w-    c:\programme\DVDFab 7
2010-06-28 16:43 . 2010-06-28 16:43    --------    d-----w-    c:\programme\Elaborate Bytes
2010-06-28 16:38 . 2010-06-28 16:38    --------    d-----w-    c:\programme\ratDVD
2010-06-24 12:15 . 2008-04-14 05:52    832512    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-04-14 05:52    78336    ----a-w-    c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-04-14 05:52    17408    ----a-w-    c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2008-04-14 05:23    1852032    ----a-w-    c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 22:45    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-19 15:42 . 2009-06-10 15:51    --------    d-----w-    c:\programme\ICQ6.5
2010-06-17 14:03 . 2008-04-14 05:52    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-05-05 18:39    744448    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-14 05:52    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-05-24 08:32 . 2010-05-24 08:32    503808    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e4aa69-n\msvcp71.dll
2010-05-24 08:32 . 2010-05-24 08:32    499712    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e4aa69-n\jmc.dll
2010-05-24 08:32 . 2010-05-24 08:32    348160    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e4aa69-n\msvcr71.dll
2010-05-24 08:32 . 2010-05-24 08:32    61440    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1451d564-n\decora-sse.dll
2010-05-24 08:32 . 2010-05-24 08:32    12800    ----a-w-    c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1451d564-n\decora-d3d.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-15_15.47.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-15 18:53 . 2010-08-15 18:53    16384              c:\windows\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Granola"="c:\programme\MiserWare\Granola\granola.exe" [2010-07-08 631808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Diamondback"="c:\programme\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"PDFPrint"="c:\programme\pdf24\pdf24.exe" [2010-06-21 199488]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\programme\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programme\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Steam\\steamapps\\steam_whatthehell\\counter-strike\\hl.exe"=
"c:\\Programme\\CryptLoad\\RouterClient.exe"=

R2 gupdate1c9ded07801578c;Google Update Service (gupdate1c9ded07801578c);c:\programme\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 speccy;speccy;c:\dokume~1\Johannes\LOKALE~1\Temp\864a4d2f-cb3f-426c-967e-038f054c894b [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-07 691696]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-06 33808]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-27 13:38]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-27 13:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Save YouTube Video as MP3
FF - ProfilePath - c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\programme\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\eayw02s8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-RealJukebox 1.0 - c:\programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 21:05
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\speccy]
"ImagePath"="\??\c:\dokume~1\Johannes\LOKALE~1\Temp\864a4d2f-cb3f-426c-967e-038f054c894b"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-08-16  00:09:20
ComboFix-quarantined-files.txt  2010-08-15 22:09

Vor Suchlauf: 14 Verzeichnis(se), 69.625.012.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 69.612.871.680 Bytes frei

- - End Of File - - C81F7BB2B1FF23B85A00505BA9C6FADE
Seitenanfang Seitenende
16.08.2010, 12:36
virenfinder
Member

Beiträge: 3716
#6 download malwarebytes
www.malwarebytes.org
instaliere es, klicke auf die registerkarte aktualisierung, update das programm.
klicke registerkarte scanner, komplett scan, funde löschen, log posten.
Seitenanfang Seitenende
16.08.2010, 13:44
Netter
Member

Themenstarter

Beiträge: 16
#7

Code


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4435

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

16.08.2010 13:44:30
mbam-log-2010-08-16 (13-44-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 220370
Laufzeit: 43 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP8\Report\05\0000000B_objdt.dat (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\Johannes\Eigene Dateien\Downloads\x264vfw_20_1195bm_19501.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Programme\CryptLoad\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\CryptLoad\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
Seitenanfang Seitenende
16.08.2010, 13:57
virenfinder
Member

Beiträge: 3716
#8 ist er denn immernoch lahm?
Seitenanfang Seitenende
16.08.2010, 15:41
Netter
Member

Themenstarter

Beiträge: 16
#9 Läuft wieder flüssig.
Vielen Dank dafür.
Nur die Cds/DVDs hängen sich immer noch auf und werden nicht abgespielt.
Liegt aber am Laufwerk denke ich.

Gruß
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1