Sicherheitscenter nicht aktivierbar / Google leitet um / AVIRA nicht updatebar / Rechner langsam

kira · 04.07.2011, 08:21

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/skins7/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

4.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Toni_75 · 04.07.2011, 18:46

Hallo Kira,

danke!! für das Durchhaltevermögen :-)) bin leider immer erst abends in der Lage am Rechner weiterzuarbeiten.

Schrittweise:

1. Logdatei aus OTL-Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/skins7/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: ap
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34979150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99899904 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58011 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64522665 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 190,00 mb
 
 
OTL by OldTimer - Version 3.2.24.1 log created on 07042011_193806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Toni_75 · 04.07.2011, 18:53

2. OTL.TXT und EXTRAS.TXT nach OTL-Scan

OTL.TXT
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.07.2011 19:47:02 - Run 7
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 59,93% Memory free
6,73 Gb Paging File | 5,38 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 121,47 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.03 18:18:42 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2011.07.02 14:18:25 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.02 14:18:25 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.07.02 14:18:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2011.06.26 11:16:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.26 11:16:13 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.26 11:16:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2011.01.05 04:58:02 | 000,397,312 | ---- | M] (AMD) -- C:\WINDOWS\System32\atieclxx.exe
PRC - [2011.01.05 04:57:32 | 000,176,128 | ---- | M] (AMD) -- C:\WINDOWS\System32\atiesrxx.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.17 10:16:58 | 042,773,336 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.17 10:16:58 | 000,097,624 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.17 14:14:16 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.06.23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard & Mouse Driver\KMWDSrv.exe
PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
PRC - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Recovery Service for Windows)
SRV - [2011.07.02 14:18:25 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.02 14:18:25 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.02 14:18:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.26 11:16:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.10 18:55:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.01.05 04:57:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.07.29 18:20:14 | 000,067,072 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2008.06.23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Keyboard & Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.02 14:18:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 14:18:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 05:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.05 05:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.05 04:19:18 | 000,235,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.01.02 01:04:00 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.06.10 14:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009.07.17 18:02:02 | 000,335,872 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rt61.sys -- (RT61)
DRV - [2009.07.17 02:41:49 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.05.14 09:48:04 | 000,762,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.29 18:20:16 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2008.07.29 18:20:16 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.04.27 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.15 20:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.04.01 13:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.22 11:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFilter)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 17:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/skins7/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.03 17:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 10:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.02 14:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.18 10:16:01 | 000,000,000 | ---D | M]
 
[2011.05.29 18:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2010.09.01 10:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.04 08:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions
[2011.07.04 08:59:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.30 11:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\personas@christopher.beard
[2011.06.13 23:05:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\plugin@yontoo.com
[2011.07.04 17:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\psvooo35.default\extensions
[2011.06.14 18:32:19 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\psvooo35.default\extensions\ozymandias@securityheroes.com
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\944s7en5.default\searchplugins\icqplugin.xml
[2011.07.03 17:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.10 22:24:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.26 18:58:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 19:50:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 21:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.13 23:06:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.06.13 23:05:52 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.26 18:39:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Programme\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Get Styles\ct.htm ()
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Get Styles\ct.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\windows searchqu toolbar\datamngr\datamngr.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\WINDOWS\System32\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.04 08:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.07.04 08:58:43 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2011.07.04 08:16:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.07.04 07:39:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.07.04 07:37:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.07.04 07:37:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.07.04 07:37:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.07.04 07:37:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.07.04 07:37:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.07.04 07:37:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.07.04 07:37:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.07.04 07:37:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.07.04 07:37:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.07.04 07:37:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.07.04 07:37:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.07.04 07:37:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.07.04 07:37:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.07.04 07:37:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.07.04 07:37:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.07.04 07:37:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.07.03 21:56:07 | 000,072,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
[2011.07.03 18:23:21 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2011.07.03 18:18:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.07.03 18:18:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.07.03 18:18:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.07.03 18:18:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.03 18:18:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.07.03 18:18:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.03 18:18:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.07.03 18:18:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.03 18:18:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.07.03 18:18:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.03 18:18:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.03 18:18:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.07.03 18:18:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.03 18:18:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.03 18:18:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.07.03 18:18:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.03 18:18:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.03 18:18:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.07.03 18:18:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.03 18:18:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.03 18:18:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.03 18:18:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.03 18:18:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.03 18:18:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.03 18:18:41 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.07.03 18:18:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.07.03 18:18:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.07.03 18:18:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.07.03 18:18:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.07.03 18:18:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.03 18:18:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.03 18:18:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.07.03 18:18:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.07.03 18:18:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.07.03 18:18:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.03 18:18:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.07.03 18:18:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.07.03 18:18:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.07.03 18:18:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.03 17:47:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.07.02 20:07:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\HpUpdate
[2011.07.02 20:07:25 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.07.02 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Secunia PSI
[2011.07.02 19:59:34 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2011.07.02 15:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.02 15:32:02 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.06.26 18:58:31 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.06.26 18:39:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.25 23:27:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.25 20:58:50 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Tools
[2011.06.25 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Malwarebytes
[2011.06.25 19:06:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.25 19:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.25 19:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.25 19:06:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.25 19:06:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.17 19:49:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:43:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.06.17 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\go
[2011.06.14 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\SecurityHeroes
[2011.06.14 12:32:17 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.06.14 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.06.14 12:31:58 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.06.14 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.06.13 23:25:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.06.13 23:05:37 | 000,000,000 | ---D | C] -- C:\Programme\Yontoo Layers
[2011.06.13 23:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011.06.13 23:04:44 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\MediaGet2
[2011.06.13 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Activision
[2011.06.11 16:40:52 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2011.06.11 16:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.06.11 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\SKIDROW
[2011.06.11 16:37:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.06.11 16:37:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.06.11 10:18:46 | 000,000,000 | ---D | C] -- C:\Programme\DAMN NFO Viewer
[2011.06.11 10:13:01 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\My Games
[2011.06.10 18:53:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2011.06.10 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.06.10 18:53:31 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2009.04.15 13:48:43 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2009.04.15 13:48:43 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2009.04.15 13:48:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.04 19:39:58 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.04 19:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 19:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 19:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.04 19:39:39 | 3486,920,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.04 19:19:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.04 08:56:37 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.07.04 08:50:48 | 000,002,144 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_085044.reg
[2011.07.04 07:55:02 | 000,000,466 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_075459.reg
[2011.07.04 07:54:42 | 000,006,670 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_075438.reg
[2011.07.03 23:17:41 | 000,048,812 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110703_231734.reg
[2011.07.03 21:56:08 | 000,736,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.03 21:56:08 | 000,697,334 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.03 21:56:08 | 000,168,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.03 21:56:08 | 000,143,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.03 18:18:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.07.03 18:18:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.07.03 18:18:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.07.03 18:18:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.07.03 18:18:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.07.03 18:18:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.03 18:18:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.07.03 18:18:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.03 18:18:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.07.03 18:18:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.03 18:18:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.07.03 18:18:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.03 18:18:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.03 18:18:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.07.03 18:18:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.03 18:18:42 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.03 18:18:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.07.03 18:18:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.03 18:18:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.03 18:18:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.07.03 18:18:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.07.03 18:18:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.03 18:18:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.03 18:18:41 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.03 18:18:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.03 18:18:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.03 18:18:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.03 18:18:41 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.07.03 18:18:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.07.03 18:18:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.07.03 18:18:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.07.03 18:18:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.07.03 18:18:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.03 18:18:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.03 18:18:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.07.03 18:18:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.07.03 18:18:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.07.03 18:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.03 18:18:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.07.03 18:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.07.03 18:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.07.03 18:18:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.03 17:53:15 | 002,250,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.03 10:17:11 | 000,012,142 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110703_101707.reg
[2011.07.02 23:51:15 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.07.02 15:37:03 | 000,000,702 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110702_153657.reg
[2011.07.02 15:36:31 | 000,092,782 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110702_153623.reg
[2011.07.02 14:18:26 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.02 14:18:26 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.06.26 18:39:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.26 13:39:00 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.06.26 13:20:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.26 11:14:23 | 000,003,450 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110626_111419.reg
[2011.06.25 23:29:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\.1
[2011.06.18 16:27:04 | 000,010,580 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110618_162654.reg
[2011.06.18 10:19:13 | 000,101,980 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110618_101904.reg
[2011.06.17 20:11:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.06.17 20:11:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.06.16 11:03:38 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.06.16 11:01:19 | 000,111,928 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.06.13 10:54:37 | 000,022,328 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys
[2011.06.12 08:35:07 | 000,002,032 | ---- | M] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat
[2011.06.11 16:38:59 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.04 08:50:47 | 000,002,144 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_085044.reg
[2011.07.04 07:55:01 | 000,000,466 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_075459.reg
[2011.07.04 07:54:40 | 000,006,670 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_075438.reg
[2011.07.04 07:37:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.07.04 07:37:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.07.04 07:37:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.07.03 23:17:38 | 000,048,812 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110703_231734.reg
[2011.07.03 18:18:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.07.03 17:31:03 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.03 10:17:09 | 000,012,142 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110703_101707.reg
[2011.07.02 23:52:36 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.07.02 15:36:58 | 000,000,702 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110702_153657.reg
[2011.07.02 15:36:27 | 000,092,782 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110702_153623.reg
[2011.06.26 13:39:00 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.06.26 11:14:21 | 000,003,450 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110626_111419.reg
[2011.06.25 23:29:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\.1
[2011.06.25 20:55:07 | 3486,920,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.18 16:27:00 | 000,010,580 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110618_162654.reg
[2011.06.18 10:19:09 | 000,101,980 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110618_101904.reg
[2011.06.18 10:16:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.06.17 20:11:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.06.17 20:11:42 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.06.11 16:38:59 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.22 10:53:20 | 000,104,272 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.22 17:21:53 | 000,022,328 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys
[2011.01.05 04:17:40 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.15 21:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.08 19:35:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.10.28 00:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.07.02 17:49:56 | 000,762,232 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
[2010.02.27 17:35:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.02.11 09:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll
[2010.02.07 12:42:46 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.02.07 12:42:20 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.12.12 19:12:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.26 16:23:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\AlfaBIG32.dll
[2009.09.24 15:26:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 15:26:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.05.24 11:58:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.05.24 11:50:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.04.27 19:29:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.04.27 19:29:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.04.17 12:11:26 | 000,020,480 | ---- | C] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 13:48:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2009.04.15 13:48:44 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2009.04.15 13:48:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009.04.15 13:48:44 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.04.15 13:38:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.04.14 21:28:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.14 20:31:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.20 12:21:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.28 10:08:03 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.01.28 09:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.27 17:39:37 | 000,002,032 | ---- | C] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat
[2008.09.29 00:09:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.02 18:10:15 | 000,736,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.02 18:10:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.02 18:10:15 | 000,168,862 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.02 18:10:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.02 09:51:54 | 000,008,308 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.03.05 05:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.09.20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 12:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 12:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,250,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,697,334 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,143,050 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2005.04.08 04:16:43 | 000,014,716 | -H-- | C] () -- C:\Users\Standard\AppData\Roaming\Standardlog.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\System32\ASUSASV2.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.12.31 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Cuttermaran
[2010.12.31 22:15:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2010.12.31 22:15:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.11 18:12:35 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Engelmann Media
[2010.11.14 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\flightgear.org
[2011.01.21 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRightToGo
[2011.06.17 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\go
[2011.02.26 14:12:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HLSW
[2011.07.04 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ICQ
[2011.06.25 20:53:35 | 000,000,000 | RHSD | M] -- C:\Users\Standard\AppData\Roaming\install
[2010.10.20 06:46:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\InstantAction
[2009.07.23 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\IrfanView
[2010.11.08 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\JavaEditor
[2010.12.07 16:22:23 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Leadertech
[2009.06.06 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Miranda
[2011.07.03 17:32:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera
[2011.07.02 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Samsung
[2011.06.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SecurityHeroes
[2009.12.15 19:10:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SpeedProject
[2010.07.02 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TerraTec
[2010.09.01 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Thunderbird
[2010.02.12 18:04:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Webweaver
[2011.02.07 19:14:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WhiteSmoke
[2009.04.17 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WildTangent
[2009.04.06 12:04:41 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WinBatch
[2011.07.04 19:38:48 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

EXTRAS.TXT

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.07.2011 19:47:02 - Run 7
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 59,93% Memory free
6,73 Gb Paging File | 5,38 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 121,47 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065DD2F7-9920-439F-BD04-0E3073B25533}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{0B4A45E2-5CFD-4367-A421-244382F6B85F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C02E0C5-C730-45F9-8905-761654C45C4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19FE9E3E-85FF-4569-BDD9-2DDD3E02D8B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1C27ED59-8710-4B0D-81D3-7BC5A81855C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2390DA5F-FFA4-4E25-8164-F16A9C9E2864}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{244264B0-7A1F-4F91-AFFE-084BE4DCC019}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{32ABC149-73D7-4A82-8A77-4C990C7FBC1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4C795BFC-BF53-49FE-B563-0C194924175A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4D7AC7AB-C92E-4D3C-9C8F-FCC13AC552EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50EE43AD-15DA-46D3-9D61-E8AC076E637D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{554EC450-094C-43C9-ABBC-FAA54658E75A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F207028-1998-4794-BA7C-E1A9D1C3B6DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{631D8B3A-529D-416D-97D7-8B813DF2E8ED}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{64E52F38-D611-43E3-A9A1-1B251E8D6A64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E207099-C83C-458D-AED4-B2916C048D28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73526175-250A-4798-BAB6-6D82636F8BBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{89EFE265-E1A6-4E88-9421-A3A669E63357}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9DFA0E9D-39C3-4D22-B3E6-32EE73ED76A5}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{A97E9E66-E36A-4A83-ACFB-2796A1A533F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADA6E7CA-0EBA-453C-BE48-BEB2714AD344}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B21D5DA9-4407-4FFD-B791-72FB4E250912}" = lport=28960 | protocol=6 | dir=in | name=cod4 | 
"{B3137CA7-6526-44DF-ADBA-BD51F36991D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B42E7AEE-6A2B-4343-9461-0AB0DC54BFDD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B71098B0-C5F3-4858-986A-0EBC051D6732}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE6126A6-6ADB-4259-AD06-908C8BC5D1DA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{C71B8A78-D6B2-419A-89DB-50CE72190F8E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C967780B-3F94-4760-B0B7-F63F6DDBA795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA7DCB4F-B4AE-433A-8754-0E19DB0FEE8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DB1D00AB-4B99-47D6-80EF-A28E3F19A1DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD559780-8A6B-4BC0-BC71-B2B04EABF550}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E28EF668-EBF9-49D5-88ED-AE89CAAB5EA6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F37075E6-DF8E-4CE3-8407-29548006EB07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F390B772-40D8-4A76-A5FD-AB50DE6A1E24}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{F87DB93A-8A65-40BC-B857-B65B4BA22872}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014C0BA-205B-4149-9B05-CB56F8A58915}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0065883F-1A8C-4049-BB2C-655E4C7925EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{05903F01-EA69-4353-9C67-9C94EEA1612C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A58AD70-7982-402E-82FC-926E538B2EC2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{0BB9F8C3-4F11-424E-BFB3-15F548B0125A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{101C2C69-BA7E-4E1B-B48E-F61A753E6F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{124E7BD5-10E7-4656-8052-A4F3AB8835C0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{15485653-9FE8-493B-970C-CA1D515C528B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{1634D160-D61A-47F2-BF8B-6452828493B0}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{18795C90-77AF-4158-8F40-40F42D078CC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C53FC2B-B566-4552-951D-A53628B51D17}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2487EDAA-672E-4508-BE6A-4F5FBA14AEA5}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{25EE3E7C-763D-4185-B9EB-CEA780989E0B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28473026-2D1B-4B77-BA84-A0E5A2704323}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30E64870-44A9-4CB1-9B14-022684A60092}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{32A61BFF-3438-4AE3-AE81-BC950957B6D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3791B316-7D65-4CA0-B0A8-FAF740333710}" = protocol=6 | dir=out | app=system | 
"{3FCBC69B-B200-4D06-86F4-2585B4E2B40A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{3FF7E4F4-1BD6-4F05-812B-CAD61DFE9F36}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{4A65E5CC-988B-407B-B52D-86B9AA240978}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{552CFEF1-E7AC-4F88-B2BE-3D3923DB85E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C08BDCB-4901-4D28-BEBC-74BF2D081CFB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{5E119DE7-1CBA-4835-A38B-C73660D18C12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E1DD7FB-1178-4F48-8CF7-FF7033109253}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{7389CCD4-CDF6-44CA-9CCE-BB46741CBEE1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{78EC60A4-320B-496B-90ED-4AC3BF99A198}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7F3A3F92-E3BA-4BBD-9768-DED8F2CD8A74}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{816512E6-EB29-4A08-A763-F3F8B821ACF3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{914D7F33-6967-429F-81A6-3BCAE17F8E82}" = protocol=58 | dir=in | app=system | 
"{94268DF4-9A05-4B8C-9827-1B9DCBE40164}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{9ED55FC4-B4B7-4E8A-9CBA-EE8426BAA40C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{A55090BD-3654-4CA8-B53A-2B245B5696BB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{AA0080CB-4788-4EFD-90A3-671B3D63338C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA088164-E56B-41C3-83E2-2FF443077B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF00C150-65A5-4FF6-8E54-9AC6EDD6D7ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0D26DA5-42DC-43F7-86D9-4EBE7028F6C4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{BD3DE542-BFC0-4706-8BF9-F01D4DFC19B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C217537B-B728-4A63-AF21-D8BBEDD0A6D6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{CD9B160B-8168-4AD0-B412-5CE56F9B14C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D186763E-6348-4F41-9995-266F79B5B465}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{D7B0126E-A388-42F1-9E3F-0AF030D5AAE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F5D562D9-BB0A-453C-8235-2EE11FA2CA05}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{F70A60BC-FB90-488C-9A0A-9593A5C86E02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FD224169-2DDE-4920-98BA-87D4FCE00EE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1252B7A3-20B5-4984-9EEC-FC575FE3D48C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{14CFB5A8-3160-455C-BBA4-8C5559078E69}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2762A398-F718-46BF-B017-5D812D1F8D2C}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{390503DC-5D29-4BD4-BD9E-F9B7E17D7E4B}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{6144204B-BEE8-4BA1-988C-6C07E207584A}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{6458BF47-D5DB-4246-ACAA-E26C67DF6FDF}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{74F68D95-45CC-49D9-8A64-3AC2082985A7}C:\program files\asus\gamerosd\sbs.exe" = protocol=6 | dir=in | app=c:\program files\asus\gamerosd\sbs.exe | 
"TCP Query User{786FF187-6C2F-4FC2-8C95-7930B451FD58}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7F8CDB64-BF21-4BA3-91A2-CF9D633215D2}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{872D96FE-0E56-470A-A1D8-F482D6048F2A}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{A8EB65FC-DAA5-442B-AA29-18E0A7F97345}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{AA420A76-7CCE-44D4-8259-EB9908F3712E}C:\program files\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"TCP Query User{C9B165C1-843F-41F3-B36D-97BA636FA56E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F138B2A5-F65F-4513-A1FF-FCCF7B3CDDBD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F377A149-BE65-4496-89CF-FEA21E562E38}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F99B2A89-36B4-474C-BB93-C5DE3080D993}C:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe | 
"TCP Query User{F9C3A6F8-F4B2-4141-A706-616A6BD14FA7}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{06EE2C64-6C67-49C8-B376-BB12EE07710B}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{29CA7137-E326-49C6-9D69-F7747D5AD4E1}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{2A8D35C6-001F-4884-AE7D-CC32CB63E06D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{361CA2A3-8DA2-49A4-9F06-B025BE31C50F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{39C842B5-4590-40BE-9A91-032612CBDF25}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{3BC66CCF-CEB8-4FFF-BED7-64DDE74307F3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{564ADE94-4393-477D-82AE-87271E387483}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{65503A8D-A917-4717-B542-6D5D242B1CBE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{65D4A092-3E9E-43A5-AF88-BA714B8FE44E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{885BD7D7-8898-4199-9B60-93E0D4542C68}C:\program files\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"UDP Query User{8F5E2C06-987E-41AF-8105-BD5A9EA7614C}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{BA548024-5A37-4861-BB9C-324BEB654C7C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{BEA529BB-B7C7-4F6A-A3F3-9D02FADED7EC}C:\program files\asus\gamerosd\sbs.exe" = protocol=17 | dir=in | app=c:\program files\asus\gamerosd\sbs.exe | 
"UDP Query User{CDBB24A0-0C27-403D-9323-1580F5ACC006}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D836FB33-9916-444D-95E2-F09E7097F5CD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E3A6A25B-22A3-4814-B0D8-AD7E07A5BDB8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E437B427-9A45-48F2-8160-3A63E287A3C0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A0E9390-BFA1-40E9-BC22-AEE278ED7C4A}" = Microsoft SQL Server 2008 Native Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{283CF61A-FAB6-4690-0001-05B15D792AC7}" = freeTunes*2.0
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{30A68EDA-53FA-43B5-8007-D18ED1F61659}" = Jollenbeck
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1399B3E-93A8-E865-EC9B-6B452E3094E5}" = Catalyst Control Center InstallProxy
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A611B2C0-5B79-4E84-B456-02B0D357BE3E}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{BE4D9AE7-48F8-3A24-5C68-E064153618D3}" = Catalyst Control Center InstallProxy
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB837331-6864-4B66-7248-4CB823DB4222}" = Catalyst Control Center InstallProxy
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AIM_6" = AIM
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BiosAgentPlus" = BiosAgentPlus Plugin for Netscape by eSupport.com
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"EasyBits Magic Desktop" = Magic Desktop
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.3
"Free Video Dub_is1" = Free Video Dub version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FreePDF_XP" = FreePDF XP (Remove only)
"Get Styles" = Get Styles
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HLSW_is1" = HLSW v1.3.3.7b
"ICQToolbar" = ICQ Toolbar
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MegaTrainer XL_is1" = MegaTrainer XL V1.4.5.3-Beta
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"NetworkActiv AUTAPF 1.1" = NetworkActiv AUTAPF 1.1
"Notepad++" = Notepad++
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"s4uVoctra" = s4uVoctra
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Das steht schon wieder wwas von korrrupten Event Logs :-(
[/CODE]

Toni_75 · 04.07.2011, 19:04

3. CC-Cleaner

Habe ich auch übers WE schon einige male laaufen lassen - benutze ich ohnehin regelmäßg; daher aktuell nur 6 korrigierte Reg-Einträge.

Was auffällt: Rechner fährt relativ schnell hoch und friert nach dem Hochlaufen für ca. 30 sec vollständig ein - funktioniert anschließend aber augenscheinlich einwandfrei.

Toni_75 · 04.07.2011, 20:28

4. SUPERAntiSpyware-Log

und ich dachte schon wir nähern uns dem Ende!! und dann findet das Programm mal eben 790 Bedrohungen ????

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/04/2011 at 09:15 PM

Application Version : 4.55.1000

Core Rules Database Version : 7370
Trace Rules Database Version: 5182

Scan type       : Complete Scan
Total Scan Time : 01:03:36

Memory items scanned      : 708
Memory threats detected   : 0
Registry items scanned    : 12696
Registry threats detected : 2
File items scanned        : 44961
File threats detected     : 788

Adware.Tracking Cookie
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tradedoubler[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@doubleclick[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.ad-srv[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.adc-serv[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.adserver01[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.dyntracker[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.yieldmanager[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.zanox[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad2.adfarm1.adition[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad4.adfarm1.adition[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adfarm1.adition[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adx.chip[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@apmebf[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@bs.serving-sys[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@content.yieldmanager[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@dk-adserver[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@doubleclick[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@fastclick[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@imrworldwide[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@invitemedia[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@mediaplex[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@overture[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@statcounter[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@revsci[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@serving-sys[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tracking.quisma[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tradedoubler[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@traffictrack[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@webmasterplan[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.etracker[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.googleadservices[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.zanox-affiliate[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@xiti[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@zanox-affiliate[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@zanox[2].txt
	i.adultswim.com [ C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NJGGZHG ]
	msnbcmedia.msn.com [ C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NJGGZHG ]
	vht.tradedoubler.com [ C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2NJGGZHG ]
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@112.2o7[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adnet[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.ad-srv[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adbull[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adnet[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adnet[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adnet[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adnet[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adserver01[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adserver01[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adserver01[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adserver01[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.dyntracker[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.dyntracker[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.dyntracker[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.dyntracker[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.jdtracker[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.jmg[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.jmg[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad3.adfarm1.adition[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad4.adfarm1.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad4.adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad4.adfarm1.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad4.adfarm1.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adform[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.247activemedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.247activemedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.247activemedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.adxvalue[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.brandwire[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxadroit[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxadroit[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxadroit[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.creative-serving[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.glispa[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.networldmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.valwa[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.valwa[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrv1.admediate[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrv1.admediate[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrv1.admediate[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adviva[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultfriendfinder[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adultswim[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adviva[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apodiscounter[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ar.atwola[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atwola[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@baresexymoms[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bettenrid.traffective-tracking[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.bestfastget[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.xmlmonetize[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.xmlmonetize[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.xmlmonetize[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.bestcoolsearch[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.bestfastget[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@commission-junction[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cunda.122.2o7[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@da-tracking[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas8.emediate[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eclickz[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eu.gomeotrack[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eu.gomeotrack[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eu.gomeotrack[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eu.gomeotrack[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eu.gomeotrack[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eusdstatsexo[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eusdstatsexo[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eusdstatsexo[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fl01.ct2.comclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@foodstatsservices[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@foodstatsservices[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@foodstatsservices[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@habitat.solution.weborama[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@habitat.solution.weborama[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@im.banner.t-online[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@internetgeldelite[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@msnportal.112.2o7[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@msnportal.112.2o7[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@networldmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p220t1s4937009.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p220t1s4937009.kronos.bravenetmedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p222t1s1706467.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p222t1s1706467.kronos.bravenetmedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p222t1s4048684.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p222t1s4366716.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p353t1s4018734.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p353t1s4047163.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p411t1s4687110.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p443t1s5451187.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5204623.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5204925.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5204925.kronos.bravenetmedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5204925.kronos.bravenetmedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5371402.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5371402.kronos.bravenetmedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p456t1s5411240.kronos.bravenetmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sales.liveperson[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.321findit[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksare[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clickwhale[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.findsmy[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekfinds[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekfinds[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.toseeking[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.toseeking[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servedby.adxpower[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.cpmstar[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.cpmstar[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartadserver[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@snapfish.112.2o7[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ssl.clickbank[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@stats.bmw[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@studivz.adfarm1.adition[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda.at.atwola[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda.at.atwola[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.adform[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.effiliation[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.effiliation[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.webtrekk[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mindshare[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mlsat02[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mlsat02[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mlsat02[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking1.aleadpay[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@upvalue1.easymedia-adserver[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@udueu1teststats[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@udueu1teststats[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@udueu1teststats[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@upvalue1.easymedia-adserver[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@upvalue1.easymedia-adserver[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vitamine.networldmedia[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weborama[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weborama[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ww251.smartadserver[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ww251.smartadserver[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.adtrak[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.answered-questions[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.answered-questions[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bestdatafind[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bestdatafind[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.commission-junction[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.copernic-media[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.cpcadnet[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.etracker[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-quick-results[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.findallofittoday[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.findallofittoday[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pixeltrack66[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pixeltrack66[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pixeltrack66[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pixeltrack66[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.popuptraffic[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webcamsex[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www1.12finder[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xiti[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[11].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yadro[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[10].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[8].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[9].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[3].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[4].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[5].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[6].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[7].txt
	C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[8].txt

Malware.Trace
	HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
	HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Rogue.MSE-Fraud
	C:\Users\Standard\AppData\Roaming\install

Toni_75 · 05.07.2011, 04:36

5. ESAT.TXT

Code:

ATTFilter

C:\Program Files\Yontoo Layers\YontooIEClient.dll	Win32/Adware.Yontoo.A Anwendung	Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	Variante von Win32/Adware.Yontoo.B Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Standard\AppData\Local\Temp\NOD5B5A.tmp	Win32/Adware.Yontoo.A Anwendung	Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert
C:\WINDOWS\FixCamera.exe	Variante von Win32/KillProc.A Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P2BD0M9\forum[1].htm	JS/Kryptik.AW.Gen Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P2BD0M9\forum[2].htm	JS/Kryptik.AW.Gen Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P2BD0M9\forum[3].htm	JS/Kryptik.AW.Gen Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P2BD0M9\imgsource[1].htm	JS/Kryptik.AW.Gen Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P2BD0M9\index[1].htm	JS/Kryptik.AX Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TQOY31Z\imgsource[1].htm	JS/Kryptik.AX Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\_OTL\MovedFiles\07032011_002003\C_Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll	Win32/Adware.Bandoo Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert

Kann heute abend weitermachen - LG T

Toni_75 · 05.07.2011, 04:47

Erste Anmerkungen - vielleicht noch etwas 'früh' (nicht nur uhrzeittechnisch) für Optimismus aber dennoch:

> Rechner läuft spürbar schneller
> die zuletzt angezeiget Sicherheitscentermeldung 'Überprüfen Sie Ihr Antivirusprogramm, AVIRA ist abgeschaltet!' wird nicht mehr angezeigt.

Könnt's das jetzt vielleiccht tatssächlich gewesen sein?

kira · 05.07.2011, 07:55

Bitte nochmal machen, dabei beachte folgendes:
► Rechtsklick auf OTL.exe-> "Als administrator ausführen" wählen...
Alle Anwendungen/Befehle IMMER als Administrator ausführen!

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/skins7/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKCU..\Run: [msnmsgr]  File not found

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Toni_75 · 05.07.2011, 17:08

Hallo Kira,

gerne hier die aktuellen Scan-Ergebnissse:

1. Fix-Ergebnis

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/skins7/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: ap
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26673580 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66317853 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1876 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3126 bytes
RecycleBin emptied: 153370287 bytes
 
Total Files Cleaned = 235,00 mb
 
 
OTL by OldTimer - Version 3.2.24.1 log created on 07052011_174013

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Toni_75 · 05.07.2011, 17:10

2. OTL.TXT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.07.2011 17:58:50 - Run 8
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,52% Memory free
6,69 Gb Paging File | 5,50 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 121,85 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.03 18:18:42 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2011.07.02 14:18:25 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.02 14:18:25 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.07.02 14:18:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.30 15:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2011.06.26 11:16:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.26 11:16:13 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.26 11:16:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.01.05 04:58:02 | 000,397,312 | ---- | M] (AMD) -- C:\WINDOWS\System32\atieclxx.exe
PRC - [2011.01.05 04:57:32 | 000,176,128 | ---- | M] (AMD) -- C:\WINDOWS\System32\atiesrxx.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.17 10:16:58 | 042,773,336 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.17 10:16:58 | 000,097,624 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.17 14:14:16 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.06.23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard & Mouse Driver\KMWDSrv.exe
PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
PRC - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Recovery Service for Windows)
SRV - [2011.07.02 14:18:25 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.02 14:18:25 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.02 14:18:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.26 11:16:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.01.05 04:57:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.07.29 18:20:14 | 000,067,072 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2008.06.23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Keyboard & Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.02 14:18:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 14:18:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 05:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.05 05:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.05 04:19:18 | 000,235,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.01.02 01:04:00 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.06.10 14:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.07.17 18:02:02 | 000,335,872 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rt61.sys -- (RT61)
DRV - [2009.07.17 02:41:49 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.05.14 09:48:04 | 000,762,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.29 18:20:16 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2008.07.29 18:20:16 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.04.27 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.15 20:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.04.01 13:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.22 11:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFilter)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 17:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/skins7/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.03 17:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 10:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.02 14:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.18 10:16:01 | 000,000,000 | ---D | M]
 
[2011.05.29 18:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2010.09.01 10:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.04 08:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions
[2011.07.04 08:59:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.30 11:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\personas@christopher.beard
[2011.06.13 23:05:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\944s7en5.default\extensions\plugin@yontoo.com
[2011.07.04 17:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\psvooo35.default\extensions
[2011.06.14 18:32:19 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\psvooo35.default\extensions\ozymandias@securityheroes.com
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\944s7en5.default\searchplugins\icqplugin.xml
[2011.07.03 17:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.10 22:24:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.26 18:58:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 19:50:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 21:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.13 23:06:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.06.13 23:05:52 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.26 18:39:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} -  File not found
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} -  File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\windows searchqu toolbar\datamngr\datamngr.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.05 06:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.07.05 06:52:54 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2011.07.04 21:34:57 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.07.04 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.04 20:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.04 20:07:23 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.07.04 08:16:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.07.04 07:39:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.07.04 07:37:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.07.04 07:37:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.07.04 07:37:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.07.04 07:37:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.07.04 07:37:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.07.04 07:37:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.07.04 07:37:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.07.04 07:37:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.07.04 07:37:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.07.04 07:37:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.07.04 07:37:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.07.04 07:37:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.07.04 07:37:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.07.04 07:37:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.07.04 07:37:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.07.04 07:37:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.07.03 21:56:07 | 000,072,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
[2011.07.03 18:23:21 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2011.07.03 18:18:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.07.03 18:18:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.07.03 18:18:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.07.03 18:18:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.03 18:18:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.07.03 18:18:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.03 18:18:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.07.03 18:18:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.03 18:18:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.07.03 18:18:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.03 18:18:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.03 18:18:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.07.03 18:18:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.03 18:18:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.03 18:18:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.07.03 18:18:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.03 18:18:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.03 18:18:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.07.03 18:18:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.03 18:18:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.03 18:18:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.03 18:18:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.03 18:18:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.03 18:18:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.03 18:18:41 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.07.03 18:18:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.07.03 18:18:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.07.03 18:18:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.07.03 18:18:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.07.03 18:18:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.03 18:18:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.03 18:18:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.07.03 18:18:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.07.03 18:18:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.07.03 18:18:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.03 18:18:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.07.03 18:18:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.07.03 18:18:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.07.03 18:18:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.03 17:47:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.07.02 20:07:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\HpUpdate
[2011.07.02 20:07:25 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.07.02 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Secunia PSI
[2011.07.02 19:59:34 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2011.07.02 15:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.02 15:32:02 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.06.26 18:58:31 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.06.26 18:39:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.25 23:27:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.25 20:58:50 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Tools
[2011.06.25 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Malwarebytes
[2011.06.25 19:06:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.25 19:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.25 19:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.25 19:06:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.25 19:06:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.17 19:49:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:43:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.06.17 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\go
[2011.06.14 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\SecurityHeroes
[2011.06.14 12:32:17 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.06.14 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.06.14 12:31:58 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.06.14 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.06.13 23:25:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.06.13 23:05:37 | 000,000,000 | ---D | C] -- C:\Programme\Yontoo Layers
[2011.06.13 23:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011.06.13 23:04:44 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\MediaGet2
[2011.06.13 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Activision
[2011.06.11 16:40:52 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2011.06.11 16:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.06.11 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\SKIDROW
[2011.06.11 16:37:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.06.11 16:37:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.06.11 10:18:46 | 000,000,000 | ---D | C] -- C:\Programme\DAMN NFO Viewer
[2011.06.11 10:13:01 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\My Games
[2011.06.10 18:53:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2009.04.15 13:48:43 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2009.04.15 13:48:43 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2009.04.15 13:48:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.05 17:55:48 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.05 17:55:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 17:55:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 17:55:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.05 17:55:31 | 3488,997,376 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.05 17:51:25 | 000,000,466 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110705_175123.reg
[2011.07.05 17:51:07 | 000,014,986 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110705_175103.reg
[2011.07.05 17:19:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.05 07:03:48 | 000,020,480 | ---- | M] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 06:53:22 | 000,001,609 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.07.04 19:56:30 | 000,001,766 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_195627.reg
[2011.07.04 08:56:37 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.07.04 08:50:48 | 000,002,144 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_085044.reg
[2011.07.04 07:55:02 | 000,000,466 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_075459.reg
[2011.07.04 07:54:42 | 000,006,670 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110704_075438.reg
[2011.07.03 23:17:41 | 000,048,812 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110703_231734.reg
[2011.07.03 21:56:08 | 000,736,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.03 21:56:08 | 000,697,334 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.03 21:56:08 | 000,168,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.03 21:56:08 | 000,143,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.03 18:18:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.07.03 18:18:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.07.03 18:18:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.07.03 18:18:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.07.03 18:18:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.07.03 18:18:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.03 18:18:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.07.03 18:18:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.03 18:18:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.07.03 18:18:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.03 18:18:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.07.03 18:18:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.03 18:18:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.03 18:18:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.07.03 18:18:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.03 18:18:42 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.03 18:18:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.07.03 18:18:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.03 18:18:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.03 18:18:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.07.03 18:18:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.07.03 18:18:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.03 18:18:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.03 18:18:41 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.03 18:18:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.03 18:18:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.03 18:18:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.03 18:18:41 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.07.03 18:18:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.07.03 18:18:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.07.03 18:18:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.07.03 18:18:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.07.03 18:18:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.03 18:18:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.03 18:18:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.07.03 18:18:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.07.03 18:18:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.07.03 18:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.03 18:18:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.07.03 18:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.07.03 18:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.07.03 18:18:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.03 17:53:15 | 002,250,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.03 10:17:11 | 000,012,142 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110703_101707.reg
[2011.07.02 23:51:15 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.07.02 15:37:03 | 000,000,702 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110702_153657.reg
[2011.07.02 15:36:31 | 000,092,782 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110702_153623.reg
[2011.07.02 14:18:26 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.02 14:18:26 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.26 18:57:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.06.26 18:39:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.26 13:39:00 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.06.26 13:20:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.26 11:14:23 | 000,003,450 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110626_111419.reg
[2011.06.25 23:29:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\.1
[2011.06.18 16:27:04 | 000,010,580 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110618_162654.reg
[2011.06.18 10:19:13 | 000,101,980 | ---- | M] () -- C:\Users\Standard\Documents\cc_20110618_101904.reg
[2011.06.17 20:11:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.06.17 20:11:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.06.16 11:03:38 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.06.16 11:01:19 | 000,111,928 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.06.13 10:54:37 | 000,022,328 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys
[2011.06.12 08:35:07 | 000,002,032 | ---- | M] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat
[2011.06.11 16:38:59 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.05 17:51:24 | 000,000,466 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110705_175123.reg
[2011.07.05 17:51:05 | 000,014,986 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110705_175103.reg
[2011.07.05 06:53:22 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.07.04 19:56:28 | 000,001,766 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_195627.reg
[2011.07.04 08:50:47 | 000,002,144 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_085044.reg
[2011.07.04 07:55:01 | 000,000,466 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_075459.reg
[2011.07.04 07:54:40 | 000,006,670 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110704_075438.reg
[2011.07.04 07:37:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.07.04 07:37:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.07.04 07:37:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.07.03 23:17:38 | 000,048,812 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110703_231734.reg
[2011.07.03 18:18:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.07.03 17:31:03 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.03 10:17:09 | 000,012,142 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110703_101707.reg
[2011.07.02 23:52:36 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.07.02 15:36:58 | 000,000,702 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110702_153657.reg
[2011.07.02 15:36:27 | 000,092,782 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110702_153623.reg
[2011.06.26 13:39:00 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.06.26 11:14:21 | 000,003,450 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110626_111419.reg
[2011.06.25 23:29:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\.1
[2011.06.25 20:55:07 | 3488,997,376 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.18 16:27:00 | 000,010,580 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110618_162654.reg
[2011.06.18 10:19:09 | 000,101,980 | ---- | C] () -- C:\Users\Standard\Documents\cc_20110618_101904.reg
[2011.06.18 10:16:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.06.17 20:11:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.06.17 20:11:42 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.06.11 16:38:59 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.22 10:53:20 | 000,104,272 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.22 17:21:53 | 000,022,328 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PnkBstrK.sys
[2011.01.05 04:17:40 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.15 21:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.08 19:35:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.10.28 00:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.07.02 17:49:56 | 000,762,232 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
[2010.02.27 17:35:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.02.11 09:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll
[2010.02.07 12:42:46 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.02.07 12:42:20 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.12.12 19:12:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.24 15:26:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 15:26:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.05.24 11:58:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.05.24 11:50:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.04.27 19:29:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.04.27 19:29:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.04.17 12:11:26 | 000,020,480 | ---- | C] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 13:48:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2009.04.15 13:48:44 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2009.04.15 13:48:44 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.04.15 13:38:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.04.14 21:28:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.14 20:31:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.20 12:21:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.28 10:08:03 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.01.28 09:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.27 17:39:37 | 000,002,032 | ---- | C] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat
[2008.09.29 00:09:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.02 18:10:15 | 000,736,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.02 18:10:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.02 18:10:15 | 000,168,862 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.02 18:10:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.02 09:51:54 | 000,008,308 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.03.05 05:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.09.20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 12:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 12:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,250,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,697,334 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,143,050 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2005.04.08 04:16:43 | 000,014,716 | -H-- | C] () -- C:\Users\Standard\AppData\Roaming\Standardlog.dat
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\System32\ASUSASV2.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.12.31 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Cuttermaran
[2010.12.31 22:15:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2010.12.31 22:15:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.11 18:12:35 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Engelmann Media
[2010.11.14 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\flightgear.org
[2011.01.21 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRightToGo
[2011.06.17 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\go
[2011.02.26 14:12:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HLSW
[2011.07.05 17:58:15 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ICQ
[2010.10.20 06:46:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\InstantAction
[2009.07.23 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\IrfanView
[2010.11.08 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\JavaEditor
[2010.12.07 16:22:23 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Leadertech
[2009.06.06 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Miranda
[2011.07.03 17:32:32 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera
[2011.07.02 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Samsung
[2011.06.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SecurityHeroes
[2009.12.15 19:10:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SpeedProject
[2010.07.02 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TerraTec
[2010.09.01 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Thunderbird
[2010.02.12 18:04:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Webweaver
[2011.02.07 19:14:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WhiteSmoke
[2009.04.17 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WildTangent
[2009.04.06 12:04:41 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\WinBatch
[2011.07.05 17:54:17 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/CODE]

3. EXTRAS.TXT

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.07.2011 17:58:50 - Run 8
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,52% Memory free
6,69 Gb Paging File | 5,50 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 121,85 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065DD2F7-9920-439F-BD04-0E3073B25533}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{0B4A45E2-5CFD-4367-A421-244382F6B85F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C02E0C5-C730-45F9-8905-761654C45C4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19FE9E3E-85FF-4569-BDD9-2DDD3E02D8B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1C27ED59-8710-4B0D-81D3-7BC5A81855C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2390DA5F-FFA4-4E25-8164-F16A9C9E2864}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{244264B0-7A1F-4F91-AFFE-084BE4DCC019}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{32ABC149-73D7-4A82-8A77-4C990C7FBC1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4C795BFC-BF53-49FE-B563-0C194924175A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4D7AC7AB-C92E-4D3C-9C8F-FCC13AC552EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50EE43AD-15DA-46D3-9D61-E8AC076E637D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{554EC450-094C-43C9-ABBC-FAA54658E75A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F207028-1998-4794-BA7C-E1A9D1C3B6DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{631D8B3A-529D-416D-97D7-8B813DF2E8ED}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{64E52F38-D611-43E3-A9A1-1B251E8D6A64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E207099-C83C-458D-AED4-B2916C048D28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73526175-250A-4798-BAB6-6D82636F8BBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{89EFE265-E1A6-4E88-9421-A3A669E63357}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9DFA0E9D-39C3-4D22-B3E6-32EE73ED76A5}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{A97E9E66-E36A-4A83-ACFB-2796A1A533F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADA6E7CA-0EBA-453C-BE48-BEB2714AD344}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B21D5DA9-4407-4FFD-B791-72FB4E250912}" = lport=28960 | protocol=6 | dir=in | name=cod4 | 
"{B3137CA7-6526-44DF-ADBA-BD51F36991D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B42E7AEE-6A2B-4343-9461-0AB0DC54BFDD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B71098B0-C5F3-4858-986A-0EBC051D6732}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE6126A6-6ADB-4259-AD06-908C8BC5D1DA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{C71B8A78-D6B2-419A-89DB-50CE72190F8E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C967780B-3F94-4760-B0B7-F63F6DDBA795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA7DCB4F-B4AE-433A-8754-0E19DB0FEE8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DB1D00AB-4B99-47D6-80EF-A28E3F19A1DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD559780-8A6B-4BC0-BC71-B2B04EABF550}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E28EF668-EBF9-49D5-88ED-AE89CAAB5EA6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F37075E6-DF8E-4CE3-8407-29548006EB07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F390B772-40D8-4A76-A5FD-AB50DE6A1E24}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{F87DB93A-8A65-40BC-B857-B65B4BA22872}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014C0BA-205B-4149-9B05-CB56F8A58915}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0065883F-1A8C-4049-BB2C-655E4C7925EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03C7F0EC-B50D-4FA2-9000-B8F2984698FA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{05903F01-EA69-4353-9C67-9C94EEA1612C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BB9F8C3-4F11-424E-BFB3-15F548B0125A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{101C2C69-BA7E-4E1B-B48E-F61A753E6F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{124E7BD5-10E7-4656-8052-A4F3AB8835C0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{15485653-9FE8-493B-970C-CA1D515C528B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{18795C90-77AF-4158-8F40-40F42D078CC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C53FC2B-B566-4552-951D-A53628B51D17}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{25EE3E7C-763D-4185-B9EB-CEA780989E0B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28473026-2D1B-4B77-BA84-A0E5A2704323}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30E64870-44A9-4CB1-9B14-022684A60092}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{31D3C847-8189-400A-AE08-9910EC65C5A1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{32A61BFF-3438-4AE3-AE81-BC950957B6D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3791B316-7D65-4CA0-B0A8-FAF740333710}" = protocol=6 | dir=out | app=system | 
"{3FCBC69B-B200-4D06-86F4-2585B4E2B40A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{3FF7E4F4-1BD6-4F05-812B-CAD61DFE9F36}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{461F9B77-6F90-41D1-A464-880316AC593C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{4A65E5CC-988B-407B-B52D-86B9AA240978}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{552CFEF1-E7AC-4F88-B2BE-3D3923DB85E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5E119DE7-1CBA-4835-A38B-C73660D18C12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E1DD7FB-1178-4F48-8CF7-FF7033109253}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{7389CCD4-CDF6-44CA-9CCE-BB46741CBEE1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{78EC60A4-320B-496B-90ED-4AC3BF99A198}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{816512E6-EB29-4A08-A763-F3F8B821ACF3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{914D7F33-6967-429F-81A6-3BCAE17F8E82}" = protocol=58 | dir=in | app=system | 
"{9ED55FC4-B4B7-4E8A-9CBA-EE8426BAA40C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{A55090BD-3654-4CA8-B53A-2B245B5696BB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{AA0080CB-4788-4EFD-90A3-671B3D63338C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA088164-E56B-41C3-83E2-2FF443077B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF00C150-65A5-4FF6-8E54-9AC6EDD6D7ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0D26DA5-42DC-43F7-86D9-4EBE7028F6C4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{BD3DE542-BFC0-4706-8BF9-F01D4DFC19B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C217537B-B728-4A63-AF21-D8BBEDD0A6D6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{CD9B160B-8168-4AD0-B412-5CE56F9B14C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D186763E-6348-4F41-9995-266F79B5B465}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{D7B0126E-A388-42F1-9E3F-0AF030D5AAE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E62CE6C7-F97A-4FE4-8A03-853C2B6D28A9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F5D562D9-BB0A-453C-8235-2EE11FA2CA05}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{F70A60BC-FB90-488C-9A0A-9593A5C86E02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FD224169-2DDE-4920-98BA-87D4FCE00EE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1252B7A3-20B5-4984-9EEC-FC575FE3D48C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{14CFB5A8-3160-455C-BBA4-8C5559078E69}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2762A398-F718-46BF-B017-5D812D1F8D2C}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{390503DC-5D29-4BD4-BD9E-F9B7E17D7E4B}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{6144204B-BEE8-4BA1-988C-6C07E207584A}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{6458BF47-D5DB-4246-ACAA-E26C67DF6FDF}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{74F68D95-45CC-49D9-8A64-3AC2082985A7}C:\program files\asus\gamerosd\sbs.exe" = protocol=6 | dir=in | app=c:\program files\asus\gamerosd\sbs.exe | 
"TCP Query User{786FF187-6C2F-4FC2-8C95-7930B451FD58}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7F8CDB64-BF21-4BA3-91A2-CF9D633215D2}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{872D96FE-0E56-470A-A1D8-F482D6048F2A}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{A8EB65FC-DAA5-442B-AA29-18E0A7F97345}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{AA420A76-7CCE-44D4-8259-EB9908F3712E}C:\program files\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"TCP Query User{C9B165C1-843F-41F3-B36D-97BA636FA56E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F138B2A5-F65F-4513-A1FF-FCCF7B3CDDBD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F377A149-BE65-4496-89CF-FEA21E562E38}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F99B2A89-36B4-474C-BB93-C5DE3080D993}C:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe | 
"TCP Query User{F9C3A6F8-F4B2-4141-A706-616A6BD14FA7}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{06EE2C64-6C67-49C8-B376-BB12EE07710B}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{29CA7137-E326-49C6-9D69-F7747D5AD4E1}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{2A8D35C6-001F-4884-AE7D-CC32CB63E06D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{361CA2A3-8DA2-49A4-9F06-B025BE31C50F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{39C842B5-4590-40BE-9A91-032612CBDF25}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{3BC66CCF-CEB8-4FFF-BED7-64DDE74307F3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{564ADE94-4393-477D-82AE-87271E387483}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{65503A8D-A917-4717-B542-6D5D242B1CBE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{65D4A092-3E9E-43A5-AF88-BA714B8FE44E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{885BD7D7-8898-4199-9B60-93E0D4542C68}C:\program files\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"UDP Query User{8F5E2C06-987E-41AF-8105-BD5A9EA7614C}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{BA548024-5A37-4861-BB9C-324BEB654C7C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{BEA529BB-B7C7-4F6A-A3F3-9D02FADED7EC}C:\program files\asus\gamerosd\sbs.exe" = protocol=17 | dir=in | app=c:\program files\asus\gamerosd\sbs.exe | 
"UDP Query User{CDBB24A0-0C27-403D-9323-1580F5ACC006}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D836FB33-9916-444D-95E2-F09E7097F5CD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E3A6A25B-22A3-4814-B0D8-AD7E07A5BDB8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E437B427-9A45-48F2-8160-3A63E287A3C0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp 1.7 patched.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A0E9390-BFA1-40E9-BC22-AEE278ED7C4A}" = Microsoft SQL Server 2008 Native Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{283CF61A-FAB6-4690-0001-05B15D792AC7}" = freeTunes 2.0
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1399B3E-93A8-E865-EC9B-6B452E3094E5}" = Catalyst Control Center InstallProxy
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A611B2C0-5B79-4E84-B456-02B0D357BE3E}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{BE4D9AE7-48F8-3A24-5C68-E064153618D3}" = Catalyst Control Center InstallProxy
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB837331-6864-4B66-7248-4CB823DB4222}" = Catalyst Control Center InstallProxy
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AIM_6" = AIM
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BiosAgentPlus" = BiosAgentPlus Plugin for Netscape by eSupport.com
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.3
"Free Video Dub_is1" = Free Video Dub version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HLSW_is1" = HLSW v1.3.3.7b
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MegaTrainer XL_is1" = MegaTrainer XL V1.4.5.3-Beta
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"NetworkActiv AUTAPF 1.1" = NetworkActiv AUTAPF 1.1
"Notepad++" = Notepad++
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"s4uVoctra" = s4uVoctra
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

[/CODE]

Die korrupten event logs werden immer noch aufgeführt - what's next?

LG T

kira · 06.07.2011, 07:33

► berichte in welchem Zustand dein System sich befindet? Ob noch Probleme auftreten? - wenn ja, welche genau?

Toni_75 · 06.07.2011, 21:24

Hallo Kira,
habe meinem Sohn den Rechner heute wieder freigegeben - er berichtet alles verhielte sich normal, findet nichts auffälliges. Die Geschwindigkeit des Rechners hat sich offensichtlich ebenfalls deutlich gesteigert, die Umleitungen aus Google sind weg und die Sicherheitscenter-Fehlermeldung erscheint ebenfalls nicht mehr.
Könnte also durchaus sein, dass das System wieder in Ordnung ist - oder?

LG T

kira · 07.07.2011, 06:28

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner <-  Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

4.
wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes:
Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung

5.
Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus
- Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern (► am besten von einem anderen, nicht-infizierten Rechner aus! )
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Toni_75 · 19.07.2011, 20:00

Hallo Kira,

bis jetzt alles bestens. Nochmals herzlichen Dank

LG T

Sicherheitscenter nicht aktivierbar / Google leitet um / AVIRA nicht updatebar / Rechner langsam

Log-Analyse und Auswertung: Sicherheitscenter nicht aktivierbar / Google leitet um / AVIRA nicht updatebar / Rechner langsam