| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner und jetzt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.07.2012, 01:19
| #1 |
| |  GVU Trojaner und jetzt? Hallo zusammen, jetzt hat es mich auch erwischt. Die Webseite von der "GVU" mit der Zahlungsaufforderung habe ich erhalten. Der Taskmanager spricht nicht mehr an. Ich habe mit abgesicherten Modus gestartet und es geschafft, den McAfee-Scan zu starten. Der vollständig Scan hat folgende Meldung gebracht: Viren/Trojaner und Cokkies isoliert. Generic Exploit!pzm GE39c72b-39b899223 C:\Users\Home2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6e39c72b-39b89923 wurd isoliert. Leider hat diese Maßmahme nicht den erhofften Erfolg gebracht. Anschließend habe ich mehrfach das Sytem mit und ohne F8 gestartet und auch tatsächlich geschafft, dasSystem aufrecht zu erhalten. So konnte ich OLT + Anti-Malware laufen lassen. Systen: Windows 7, 64 Bit, Anitivirs: McAfee Nachfolgend die Malwareergebnisse: Spyware.Zbot.DG File Spyware.Zbot.DG Memory Module Code:
ATTFilter OTL logfile created on: 06.07.2012 22:48:13 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home2\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,11 Gb Available Physical Memory | 68,58% Memory free 11,98 Gb Paging File | 9,37 Gb Available in Paging File | 78,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1387,07 Gb Total Space | 1288,85 Gb Free Space | 92,92% Space Free | Partition Type: NTFS Drive D: | 200,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 465,76 Gb Total Space | 81,64 Gb Free Space | 17,53% Space Free | Partition Type: NTFS Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home2\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG) PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Nuance\PDF Create! 6\PdfCreate6Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions) PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions) ========== Modules (No Company Name) ========== MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll () MOD - c:\Programme\McAfee\MSK\mskapbho.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll () MOD - C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll () MOD - C:\Windows\SysWOW64\CTXFIGER.DLL () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () MOD - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () MOD - C:\Windows\SysWOW64\HLINKPRX.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (RoxLiveShare) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions) SRV - (RoxMediaDB) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions) SRV - (RoxWatch) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions) SRV - (RoxUPnPRenderer) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions) SRV - (RoxUpnpServer) -- C:\Program Files (x86)\Roxio\Digital Home 8\RoxUpnpServer.exe (Sonic Solutions) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (DFUBTUSB) -- C:\Windows\SysNative\drivers\frmupgr.sys (Broadcom Corporation.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C} IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588 IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 10:42:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:25:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.30 19:25:25 | 000,000,000 | ---D | M] [2010.03.15 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Extensions [2012.04.12 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions [2011.06.19 18:01:22 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2012.02.10 13:44:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ffxtlbr@babylon.com [2011.06.25 23:10:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\firebug@software.joehewitt.com [2011.01.29 15:41:31 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ietab@ip.cn [2012.02.10 13:32:34 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\plugin@yontoo.com [2012.06.30 19:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.03.01 13:16:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Home2\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\ CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120626234901.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701162754.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Nuance PDF Create! 6-reminder] C:\Program Files (x86)\Nuance\PDF Create! 6\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create! 6\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files (x86)\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" File not found O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat () O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dyndns.org ([sanktpetri] https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AFDC60-62B8-4548-82F2-72B1ED4E05B8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFFDD980-D70A-4713-A74F-9AB14F97CAA6}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.30 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Local\Macromedia [2012.06.25 18:41:04 | 000,000,000 | ---D | C] -- C:\TEMP [2012.06.24 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\HMSP2013 [2012.06.23 12:17:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 12:17:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 12:17:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 12:16:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 12:16:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 12:16:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 12:16:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 12:16:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.14 00:29:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 00:29:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 00:29:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 00:29:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 00:29:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 00:29:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 00:29:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 00:29:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 00:29:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 00:29:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 00:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 00:29:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 00:29:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 18:17:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 18:17:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 18:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 18:17:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 18:17:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 18:17:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 18:16:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 18:16:36 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 18:16:31 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 15:41:55 | 000,000,000 | ---D | C] -- C:\Buch [2012.06.08 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\Access2010_BHV [2010.01.05 18:12:58 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Home2\AppData\Roaming\DataSafeDotNet.exe [3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.06 22:56:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.06 22:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job [2012.07.06 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.06 22:48:12 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 22:48:12 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 22:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.06 22:40:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.06 22:40:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 22:40:28 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 19:58:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.06 19:58:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.06 19:58:35 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job [2012.07.04 18:28:36 | 004,378,624 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind3.accdb [2012.07.03 18:32:11 | 001,800,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.03 18:32:11 | 000,770,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.03 18:32:11 | 000,711,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.03 18:32:11 | 000,178,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.03 18:32:11 | 000,144,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 19:25:34 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.30 18:55:00 | 000,002,405 | ---- | M] () -- C:\Users\Home2\Desktop\Google Chrome.lnk [2012.06.30 15:57:35 | 004,304,896 | ---- | M] () -- C:\Users\Home2\Documents\Northwind 2007.accdb [2012.06.30 15:56:27 | 002,752,512 | ---- | M] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb [2012.06.30 15:54:52 | 004,161,536 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden-Webdatenbank.accdb [2012.06.30 15:54:33 | 003,305,472 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden.accdb [2012.06.30 14:39:23 | 000,925,696 | ---- | M] () -- C:\Users\Home2\Documents\Institut.accdb [2012.06.30 14:37:18 | 002,564,096 | ---- | M] () -- C:\Users\Home2\Documents\Projekte.accdb [2012.06.30 14:36:39 | 001,642,496 | ---- | M] () -- C:\Users\Home2\Documents\Probleme2.accdb [2012.06.30 14:13:58 | 001,191,936 | ---- | M] () -- C:\Users\Home2\Documents\Aufgaben3.accdb [2012.06.30 14:10:29 | 004,403,200 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind2.accdb [2012.06.25 19:09:08 | 000,001,804 | ---- | M] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk [2012.06.23 21:51:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.23 21:51:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb [2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb [2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb [2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb [2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb [2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb [2012.06.16 18:48:26 | 000,212,992 | ---- | M] () -- C:\Users\Home2\Documents\OptTest.mdb [2012.06.14 14:22:30 | 000,482,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 14:48:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.06.08 11:27:42 | 002,760,704 | ---- | M] () -- C:\Users\Home2\Documents\Database2.accdb [2012.06.08 11:22:28 | 002,830,336 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden4.accdb [3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.06 16:22:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.04 18:26:17 | 004,378,624 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind3.accdb [2012.06.30 19:25:34 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb [2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb [2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb [2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb [2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb [2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk [2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb [2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb [2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb [2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb [2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb [2012.06.08 11:23:40 | 002,760,704 | ---- | C] () -- C:\Users\Home2\Documents\Database2.accdb [2012.06.08 11:22:47 | 002,752,512 | ---- | C] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb [2012.06.08 11:21:29 | 002,830,336 | ---- | C] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden4.accdb [2012.04.18 23:07:46 | 000,003,584 | ---- | C] () -- C:\Users\Home2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.19 14:21:58 | 000,008,192 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\DMX.bmk [2011.11.19 14:20:03 | 000,000,093 | ---- | C] () -- C:\Users\Home2\AppData\Local\fusioncache.dat [2011.10.21 18:16:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Wrkgadm.exe [2011.01.13 17:13:23 | 000,009,097 | ---- | C] () -- C:\Windows\DirPrintOK.ini [2010.10.20 11:44:08 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll [2010.10.20 11:44:08 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini [2010.09.15 11:49:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.08.21 14:59:46 | 000,002,585 | ---- | C] () -- C:\Windows\Uileitz.INI [2010.08.21 13:35:33 | 000,000,302 | ---- | C] () -- C:\Windows\lpp32.ini [2010.08.21 13:25:13 | 000,000,051 | ---- | C] () -- C:\Windows\NetEasyPrint_Server_Demo.ini [2010.08.21 13:25:10 | 000,058,910 | ---- | C] () -- C:\Windows\uinst32etzsd.ini [2010.08.21 13:25:02 | 000,000,030 | ---- | C] () -- C:\Windows\m_s.ini [2010.08.12 22:14:11 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.06 00:06:06 | 000,007,666 | ---- | C] () -- C:\Users\Home2\AppData\Local\Resmon.ResmonCfg [2010.03.24 12:29:32 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.15 23:06:41 | 000,000,760 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\setup_ldm.iss ========== LOP Check ========== [2011.05.18 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\0126897F-D2F4-4FFA-BCDE-A9183300CB3D [2011.01.27 13:09:47 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\67ED2350-3659-4781-8F9E-EC74F2D6811F [2011.09.25 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\938AE64A-0A39-4E80-A227-70A147B42D15 [2010.09.18 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\AC9AC5A4-6092-4A4A-8831-837180105E05 [2011.09.25 11:00:16 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Acronis [2011.11.10 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\AquaSoft [2010.06.03 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Avery [2010.08.13 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\CAD-KAS [2012.01.28 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Canon [2010.10.31 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Duden [2012.02.10 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\IrfanView [2010.03.12 19:25:35 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\klickTel [2010.01.15 23:06:47 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Leadertech [2012.02.24 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\LogoMaker [2010.06.29 08:19:10 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Nuance [2011.01.31 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Opera [2010.05.30 16:59:55 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\PixelPlanet [2010.10.20 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\ProtectDisc [2010.07.16 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Sigel [2012.05.31 14:13:43 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\SmartTools [2010.03.25 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Zeon [2012.06.26 21:16:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.07.2012 00:28:26 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home2\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,21 Gb Available Physical Memory | 70,24% Memory free
11,98 Gb Paging File | 9,10 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,83 Gb Free Space | 92,92% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 81,64 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E7FFFF-727F-4BFA-8B15-4C26CC8F1F8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{08496CAE-732A-4CAA-A691-866B52C293A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EA52B19-2726-4B75-B653-D436B5ED08ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27500981-4395-4BF8-9E90-952F7324C059}" = lport=445 | protocol=6 | dir=in | app=system |
"{29A2ADF8-CD71-4FD7-8DE9-8F4C0A5E2ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3270D079-E467-4620-9D07-D43C7FB87299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E0830F9-AD53-4A6B-AF53-0AE41DE0C876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ACEC3C6-DAF4-4234-883F-C1C394FEC0C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C953E1D-09B5-4704-8C3B-2FF4A75F85FD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8491CF4E-8392-4125-BDFB-B480109BB374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B6021CB-FC82-40D8-889F-F2D0AC277750}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95A918D2-537C-410E-9219-0DD90D2EDC75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9737F082-F2CE-4651-A84D-346D954FFF42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EEAD624-F5FB-46AF-BCD5-F3121A61713D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5207D60-30E5-4EB6-84A0-C15947ACCBAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB3C72DF-7CEA-4B5F-B911-8DBFBADCF21D}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC914EA2-DE50-4C49-8C17-AA5CA3C2EE19}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2944231-CCCB-4143-862C-745F0401E9D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2BCD2BF-D30B-4A39-8368-E4239CFB227D}" = rport=137 | protocol=17 | dir=out | app=system |
"{CA9F267E-20C7-4284-95CC-45121A57A6EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D16A9DFC-F0A8-468E-9AF7-D0495ED2D9DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{DA3615C0-7A5A-4FA6-ABE6-F3E40A533748}" = lport=137 | protocol=17 | dir=in | app=system |
"{DACBA6BB-EFF8-4B7D-83F4-7EB5BD54CB57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EA91099A-555E-421D-B4CF-303BFF5DF77B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1ADBA44-3595-4190-B683-324E5E61931A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7989AED-6CA6-4110-9635-F112CCA300C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEC70EA4-F29B-4924-99B7-E57859E4BEC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A15342-742E-4B20-A1DB-D01241C815F2}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{0EC4EFFF-7AF7-4038-A9C2-F6D238E9437F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0FBAC44C-3F72-4913-85E6-9A39DB30DFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe |
"{17C35E02-FF5F-4887-A435-364F4F8B56C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E9360B9-E6FB-4ABC-9924-7065409FB5D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21EBA9E1-52F2-4494-831A-02C24B560135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23F29A2D-79C9-40F8-BF41-6A2B8D853ADF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{23F6AA5E-A0E6-46CB-8D6F-4E6911548A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{27FE0DC4-1E19-4D20-9EA9-D509F64509FD}" = protocol=6 | dir=out | app=system |
"{30DAB7CF-DC65-46EF-839F-B8D10BE1390E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{31E2492F-A5F8-4258-9892-65314B113E34}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{331F90C1-9704-43BC-9177-0EA3C855F456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3749C3EE-F20D-4C9F-AE91-34530E9A45EB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{405A49D2-5603-4E8C-A5C7-B06F69B413A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{41D8664A-8545-411A-A4E4-603C5C267F71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{429BE60A-347F-45BA-B750-72FD8ABA6A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe |
"{498E14AB-D9E0-43BD-B2A7-65F3A568B0DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A26878C-2DAE-49DC-A2BF-52A277F043E9}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{4F401F38-A2AB-4345-B3DD-0B33214DD3C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{517B0BAB-7371-4225-B58F-9242C990981E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54165524-05E6-403E-BF40-C8CB59C86B32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54EE6E2E-032D-4EA8-AE38-67FF7D19B3CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5599FDCD-C045-4B11-89EE-BD12ACBEE4CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{595FC0BB-5F03-4CE5-A68E-36C6219084E9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{671A2183-8029-4A48-9CAF-FF042FFFF11B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AB7CC49-7480-42C4-BEFF-FAE7C6211B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75A232A5-C4F9-45AB-832E-A8A84E63DE43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7F44DEF8-953C-466F-B24F-94DDE3C4B93A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{81F02F20-8F76-4B90-A490-F09F0B55922B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90903269-1931-4CD9-B129-1AB6AA2D8EC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{945845C6-6FA3-4C95-99A7-6E472DBB6043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C4570B-E6D7-4ADA-832C-720A217ACF5F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B5A7DD1C-ED4A-44A4-B738-FB17070BDD99}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{B73E351A-4DB5-4FA9-A44C-5A77C9933E62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B81A2694-EB74-4A7A-BF5C-A978E5D4EF73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C09D74ED-9DB4-4A76-AE98-54F3C5FD992E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{C25AB976-782A-4C88-81E6-C4AD172F8048}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D5EC8AB9-8601-4F4B-8B09-DB9392D11643}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF08BB4F-15A1-4557-87A8-775A6B6D9ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{F0A8A588-8999-43A9-ACFE-90CA46541B1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBB1FF65-359D-401B-8619-3AF193D8F8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9035EEAC-E957-467C-89F7-90C48AA26331}" = Nuance PDF Create! 6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F0E3D5-D6C8-4997-BB42-7F5784C8586B}" = Roxio Creator 8.2 XE
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}" = Duden Korrektor PLUS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{660B9447-5F6A-463E-B2D5-F2EEF9C3EE15}" = Microsoft Access 2010 Interactive Guide DEU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4C0D1E-40F9-48DF-A8ED-AC7E60A5DDCA}" = StarMoney 7.0
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FD66E9A0-54C8-4F01-B5C7-9EF9716541AE}" = StarMoney 8.0
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced PDF-to-Word 1.0" = Advanced PDF-to-Word 1.0
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"AudioCS" = Creative Audio-Systemsteuerung
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BabylonToolbar" = Babylon toolbar on IE
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DirPrintOK" = DirPrintOK
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Elf_1 Toolbar" = Elf 1 Toolbar
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"GPL Ghostscript 9.05" = GPL Ghostscript
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"LogoMaker_is1" = LogoMaker 4.0
"Microsoft Access 2002 VBA SFS-Übungsdateien" = Microsoft Access 2002 VBA SFS-Übungsdateien
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"SmartToolsBooklet-Assistentv3.00" = SmartTools Publishing • Word Booklet-Assistent
"SmartToolsClassic Menü 2010, 2007v1.50" = SmartTools Publishing • Word Classic Menü 2010, 2007
"SmartToolsGlobale Suchev1.50" = SmartTools Publishing • Access Globale Suche
"SmartToolsJahresplanv2.00" = SmartTools Publishing • Excel Jahresplan
"SmartToolsSecurity Managerv1.00" = SmartTools Publishing • Access Security Manager
"SmartToolsSerienmailerv2.02" = SmartTools Publishing • Word Serienmailer
"SmartToolsZahl in Wortenv2.50" = SmartTools Publishing • Access Zahl in Worten
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TSPCzwei" = TSPCzwei
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Access Berater Suchen-AddIn" = Access Berater Suchen-AddIn
"Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)" = Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)
"Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)" = Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.07.2012 11:58:39 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: YontooIEClient.dll, Version:
1.10.1.0, Zeitstempel: 0x4ee16049 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001e37b
ID
des fehlerhaften Prozesses: 0x1b74 Startzeit der fehlerhaften Anwendung: 0x01cd5934b40cb8ca
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Berichtskennung:
f3c9b527-c527-11e1-994f-002564e9a1b5
Error - 03.07.2012 13:59:56 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 03.07.2012 14:01:59 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 04.07.2012 03:31:34 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 04.07.2012 03:36:32 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 05.07.2012 03:43:16 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x77b31264 ID des fehlerhaften
Prozesses: 0x1ad0 Startzeit der fehlerhaften Anwendung: 0x01cd5a81d4f0c6b0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 14694962-c675-11e1-9cc9-002564e9a1b5
Error - 05.07.2012 07:24:43 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 05.07.2012 07:29:10 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 06.07.2012 05:50:43 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 06.07.2012 05:57:18 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x74ede2d4 ID des fehlerhaften
Prozesses: 0x4bc Startzeit der fehlerhaften Anwendung: 0x01cd5b5db93d03ba Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: f811df3e-c750-11e1-9129-002564e9a1b5
[ Broadcom Wireless LAN Events ]
Error - 28.04.2012 03:12:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:48, Sat, Apr 28, 12 Error - Unable to gain access to user store
Error - 30.04.2012 12:09:29 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 18:09:27, Mon, Apr 30, 12 Error - Unable to gain access to user store
Error - 01.05.2012 02:41:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:41:05, Tue, May 01, 12 Error - Unable to gain access to user store
Error - 09.06.2012 07:34:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 13:34:05, Sat, Jun 09, 12 Error - Unable to gain access to user store
Error - 12.06.2012 02:34:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:34:48, Tue, Jun 12, 12 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 02.01.2012 08:11:45 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 08:11:49 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:48 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:50 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:51 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:55 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:10 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:11 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:12 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:14 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:13 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
[ System Events ]
Error - 06.07.2012 15:39:11 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.07.2012 15:40:03 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 06.07.2012 15:40:38 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 06.07.2012 15:41:09 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 06.07.2012 15:44:06 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 06.07.2012 15:47:01 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.07.2012 16:19:01 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.07.2012 16:40:43 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 06.07.2012 16:41:08 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 06.07.2012 16:41:08 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >
Deshalb bin ich sehr dankbar, wenn ich hier Hilfe erfahren könnte. Vielen Dank und Grüße Harald |
|
09.07.2012, 09:12
| #2 | |||
| /// Helfer-Team    | GVU Trojaner und jetzt? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. Hast Du OTL falsch installiert: OTL muss auf dem Desktop gespechert werden! Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll! also entfernen und erneut herunterladen: -> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Nach installation in der Log-Datei soll etwa so aussehen: Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
4. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
09.07.2012, 16:04
| #3 |
| | GVU Trojaner und jetzt? Hallo Kira,
__________________vielen Dank für Deine Unterstützung. Hier die gewünschten Reports: 1. Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Home2 :: HOME2-PC [Administrator] Schutz: Aktiviert 09.07.2012 11:29:20 mbam-log-2012-07-09 (11-29-20).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 571601 Laufzeit: 2 Stunde(n), 47 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Home2\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Home2\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart. (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.07.2012 15:01:43 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home2\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 51,17% Memory free 11,98 Gb Paging File | 7,88 Gb Available in Paging File | 65,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1387,07 Gb Total Space | 1288,48 Gb Free Space | 92,89% Space Free | Partition Type: NTFS Drive J: | 465,76 Gb Total Space | 81,65 Gb Free Space | 17,53% Space Free | Partition Type: NTFS Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG) PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Nuance\PDF Create! 6\PdfCreate6Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions) PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions) ========== Modules (No Company Name) ========== MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\PROGRA~2\MICROS~1\Office14\OUTLCTL.DLL () MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll () MOD - c:\Programme\McAfee\MSK\mskapbho.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll () MOD - C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll () MOD - C:\Windows\SysWOW64\CTXFIGER.DLL () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Excel.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Access.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Word.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Outlook.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.PowerPoint.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.FrontPage.dll () MOD - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (RoxLiveShare) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions) SRV - (RoxMediaDB) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions) SRV - (RoxWatch) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions) SRV - (RoxUPnPRenderer) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions) SRV - (RoxUpnpServer) -- C:\Program Files (x86)\Roxio\Digital Home 8\RoxUpnpServer.exe (Sonic Solutions) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (DFUBTUSB) -- C:\Windows\SysNative\drivers\frmupgr.sys (Broadcom Corporation.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C} IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588 IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 10:42:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:25:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.30 19:25:25 | 000,000,000 | ---D | M] [2010.03.15 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Extensions [2012.04.12 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions [2011.06.19 18:01:22 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2012.02.10 13:44:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ffxtlbr@babylon.com [2011.06.25 23:10:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\firebug@software.joehewitt.com [2011.01.29 15:41:31 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ietab@ip.cn [2012.02.10 13:32:34 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\plugin@yontoo.com [2012.06.30 19:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.03.01 13:16:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Home2\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\ CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120626234901.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701162754.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Nuance PDF Create! 6-reminder] C:\Program Files (x86)\Nuance\PDF Create! 6\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create! 6\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files (x86)\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" File not found O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat () O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-3DNVB.exe () O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dyndns.org ([sanktpetri] https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AFDC60-62B8-4548-82F2-72B1ED4E05B8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFFDD980-D70A-4713-A74F-9AB14F97CAA6}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.09 14:51:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Home2\Desktop\OTL.exe [2012.07.09 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\Scan [2012.07.09 11:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.07.07 01:27:06 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Roaming\Malwarebytes [2012.07.07 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.07 01:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.07 01:26:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.07 01:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.30 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Local\Macromedia [2012.06.25 18:41:04 | 000,000,000 | ---D | C] -- C:\TEMP [2012.06.24 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\HMSP2013 [2012.06.23 12:17:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 12:17:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 12:17:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 12:16:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 12:16:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 12:16:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 12:16:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 12:16:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.14 00:29:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 00:29:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 00:29:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 00:29:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 00:29:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 00:29:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 00:29:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 00:29:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 00:29:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 00:29:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 00:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 00:29:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 00:29:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 18:17:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 18:17:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 18:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 18:17:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 18:17:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 18:17:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 18:16:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 18:16:36 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 18:16:31 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 15:41:55 | 000,000,000 | ---D | C] -- C:\Buch [2010.01.05 18:12:58 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Home2\AppData\Roaming\DataSafeDotNet.exe [3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.09 15:52:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.09 15:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job [2012.07.09 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.09 15:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.09 14:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Home2\Desktop\OTL.exe [2012.07.09 11:26:30 | 000,000,509 | ---- | M] () -- C:\Windows\is-3DNVB.lst [2012.07.09 11:26:29 | 000,711,240 | ---- | M] () -- C:\Windows\is-3DNVB.exe [2012.07.09 11:26:29 | 000,012,782 | ---- | M] () -- C:\Windows\is-3DNVB.msg [2012.07.09 11:26:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.09 11:24:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.09 11:24:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.09 11:14:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.09 11:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.09 11:14:22 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2012.07.07 11:54:02 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.07 11:54:02 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.07 11:54:02 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx [2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job [2012.07.04 18:28:36 | 004,378,624 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind3.accdb [2012.07.03 18:32:11 | 001,800,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.03 18:32:11 | 000,770,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.03 18:32:11 | 000,711,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.03 18:32:11 | 000,178,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.03 18:32:11 | 000,144,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 19:25:34 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.30 18:55:00 | 000,002,405 | ---- | M] () -- C:\Users\Home2\Desktop\Google Chrome.lnk [2012.06.30 15:57:35 | 004,304,896 | ---- | M] () -- C:\Users\Home2\Documents\Northwind 2007.accdb [2012.06.30 15:56:27 | 002,752,512 | ---- | M] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb [2012.06.30 15:54:52 | 004,161,536 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden-Webdatenbank.accdb [2012.06.30 15:54:33 | 003,305,472 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden.accdb [2012.06.30 14:39:23 | 000,925,696 | ---- | M] () -- C:\Users\Home2\Documents\Institut.accdb [2012.06.30 14:37:18 | 002,564,096 | ---- | M] () -- C:\Users\Home2\Documents\Projekte.accdb [2012.06.30 14:36:39 | 001,642,496 | ---- | M] () -- C:\Users\Home2\Documents\Probleme2.accdb [2012.06.30 14:13:58 | 001,191,936 | ---- | M] () -- C:\Users\Home2\Documents\Aufgaben3.accdb [2012.06.30 14:10:29 | 004,403,200 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind2.accdb [2012.06.25 19:09:08 | 000,001,804 | ---- | M] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk [2012.06.23 21:51:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.23 21:51:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb [2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb [2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb [2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb [2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb [2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb [2012.06.16 18:48:26 | 000,212,992 | ---- | M] () -- C:\Users\Home2\Documents\OptTest.mdb [2012.06.14 14:22:30 | 000,482,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 14:48:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol [3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.09 11:26:30 | 000,000,509 | ---- | C] () -- C:\Windows\is-3DNVB.lst [2012.07.09 11:26:29 | 000,711,240 | ---- | C] () -- C:\Windows\is-3DNVB.exe [2012.07.09 11:26:29 | 000,012,782 | ---- | C] () -- C:\Windows\is-3DNVB.msg [2012.07.07 01:26:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 16:22:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.04 18:26:17 | 004,378,624 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind3.accdb [2012.06.30 19:25:34 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb [2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb [2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb [2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb [2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb [2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk [2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb [2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb [2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb [2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb [2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb [2012.04.18 23:07:46 | 000,003,584 | ---- | C] () -- C:\Users\Home2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.19 14:21:58 | 000,008,192 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\DMX.bmk [2011.11.19 14:20:03 | 000,000,093 | ---- | C] () -- C:\Users\Home2\AppData\Local\fusioncache.dat [2011.10.21 18:16:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Wrkgadm.exe [2011.01.13 17:13:23 | 000,009,097 | ---- | C] () -- C:\Windows\DirPrintOK.ini [2010.10.20 11:44:08 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll [2010.10.20 11:44:08 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini [2010.09.15 11:49:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.08.21 14:59:46 | 000,002,585 | ---- | C] () -- C:\Windows\Uileitz.INI [2010.08.21 13:35:33 | 000,000,302 | ---- | C] () -- C:\Windows\lpp32.ini [2010.08.21 13:25:13 | 000,000,051 | ---- | C] () -- C:\Windows\NetEasyPrint_Server_Demo.ini [2010.08.21 13:25:10 | 000,058,910 | ---- | C] () -- C:\Windows\uinst32etzsd.ini [2010.08.21 13:25:02 | 000,000,030 | ---- | C] () -- C:\Windows\m_s.ini [2010.08.12 22:14:11 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.06 00:06:06 | 000,007,666 | ---- | C] () -- C:\Users\Home2\AppData\Local\Resmon.ResmonCfg [2010.03.24 12:29:32 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.15 23:06:41 | 000,000,760 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\setup_ldm.iss ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Scan:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8 < End of report > 3. Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.07.2012 15:01:43 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 51,17% Memory free
11,98 Gb Paging File | 7,88 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,48 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 81,65 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E7FFFF-727F-4BFA-8B15-4C26CC8F1F8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{08496CAE-732A-4CAA-A691-866B52C293A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EA52B19-2726-4B75-B653-D436B5ED08ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27500981-4395-4BF8-9E90-952F7324C059}" = lport=445 | protocol=6 | dir=in | app=system |
"{29A2ADF8-CD71-4FD7-8DE9-8F4C0A5E2ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3270D079-E467-4620-9D07-D43C7FB87299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E0830F9-AD53-4A6B-AF53-0AE41DE0C876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ACEC3C6-DAF4-4234-883F-C1C394FEC0C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C953E1D-09B5-4704-8C3B-2FF4A75F85FD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8491CF4E-8392-4125-BDFB-B480109BB374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B6021CB-FC82-40D8-889F-F2D0AC277750}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95A918D2-537C-410E-9219-0DD90D2EDC75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9737F082-F2CE-4651-A84D-346D954FFF42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EEAD624-F5FB-46AF-BCD5-F3121A61713D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5207D60-30E5-4EB6-84A0-C15947ACCBAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB3C72DF-7CEA-4B5F-B911-8DBFBADCF21D}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC914EA2-DE50-4C49-8C17-AA5CA3C2EE19}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2944231-CCCB-4143-862C-745F0401E9D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2BCD2BF-D30B-4A39-8368-E4239CFB227D}" = rport=137 | protocol=17 | dir=out | app=system |
"{CA9F267E-20C7-4284-95CC-45121A57A6EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D16A9DFC-F0A8-468E-9AF7-D0495ED2D9DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{DA3615C0-7A5A-4FA6-ABE6-F3E40A533748}" = lport=137 | protocol=17 | dir=in | app=system |
"{DACBA6BB-EFF8-4B7D-83F4-7EB5BD54CB57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EA91099A-555E-421D-B4CF-303BFF5DF77B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1ADBA44-3595-4190-B683-324E5E61931A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7989AED-6CA6-4110-9635-F112CCA300C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEC70EA4-F29B-4924-99B7-E57859E4BEC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A15342-742E-4B20-A1DB-D01241C815F2}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{0EC4EFFF-7AF7-4038-A9C2-F6D238E9437F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0FBAC44C-3F72-4913-85E6-9A39DB30DFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe |
"{17C35E02-FF5F-4887-A435-364F4F8B56C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E9360B9-E6FB-4ABC-9924-7065409FB5D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21EBA9E1-52F2-4494-831A-02C24B560135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23F29A2D-79C9-40F8-BF41-6A2B8D853ADF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{23F6AA5E-A0E6-46CB-8D6F-4E6911548A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{27FE0DC4-1E19-4D20-9EA9-D509F64509FD}" = protocol=6 | dir=out | app=system |
"{30DAB7CF-DC65-46EF-839F-B8D10BE1390E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{31E2492F-A5F8-4258-9892-65314B113E34}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{331F90C1-9704-43BC-9177-0EA3C855F456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3749C3EE-F20D-4C9F-AE91-34530E9A45EB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{405A49D2-5603-4E8C-A5C7-B06F69B413A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{41D8664A-8545-411A-A4E4-603C5C267F71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{429BE60A-347F-45BA-B750-72FD8ABA6A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe |
"{498E14AB-D9E0-43BD-B2A7-65F3A568B0DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A26878C-2DAE-49DC-A2BF-52A277F043E9}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{4F401F38-A2AB-4345-B3DD-0B33214DD3C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{517B0BAB-7371-4225-B58F-9242C990981E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54165524-05E6-403E-BF40-C8CB59C86B32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54EE6E2E-032D-4EA8-AE38-67FF7D19B3CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5599FDCD-C045-4B11-89EE-BD12ACBEE4CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{595FC0BB-5F03-4CE5-A68E-36C6219084E9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{671A2183-8029-4A48-9CAF-FF042FFFF11B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AB7CC49-7480-42C4-BEFF-FAE7C6211B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75A232A5-C4F9-45AB-832E-A8A84E63DE43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7F44DEF8-953C-466F-B24F-94DDE3C4B93A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{81F02F20-8F76-4B90-A490-F09F0B55922B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90903269-1931-4CD9-B129-1AB6AA2D8EC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{945845C6-6FA3-4C95-99A7-6E472DBB6043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C4570B-E6D7-4ADA-832C-720A217ACF5F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B5A7DD1C-ED4A-44A4-B738-FB17070BDD99}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{B73E351A-4DB5-4FA9-A44C-5A77C9933E62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B81A2694-EB74-4A7A-BF5C-A978E5D4EF73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C09D74ED-9DB4-4A76-AE98-54F3C5FD992E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{C25AB976-782A-4C88-81E6-C4AD172F8048}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D5EC8AB9-8601-4F4B-8B09-DB9392D11643}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF08BB4F-15A1-4557-87A8-775A6B6D9ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{F0A8A588-8999-43A9-ACFE-90CA46541B1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBB1FF65-359D-401B-8619-3AF193D8F8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9035EEAC-E957-467C-89F7-90C48AA26331}" = Nuance PDF Create! 6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F0E3D5-D6C8-4997-BB42-7F5784C8586B}" = Roxio Creator 8.2 XE
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}" = Duden Korrektor PLUS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{660B9447-5F6A-463E-B2D5-F2EEF9C3EE15}" = Microsoft Access 2010 Interactive Guide DEU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4C0D1E-40F9-48DF-A8ED-AC7E60A5DDCA}" = StarMoney 7.0
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FD66E9A0-54C8-4F01-B5C7-9EF9716541AE}" = StarMoney 8.0
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced PDF-to-Word 1.0" = Advanced PDF-to-Word 1.0
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"AudioCS" = Creative Audio-Systemsteuerung
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BabylonToolbar" = Babylon toolbar on IE
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DirPrintOK" = DirPrintOK
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Elf_1 Toolbar" = Elf 1 Toolbar
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"GPL Ghostscript 9.05" = GPL Ghostscript
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"LogoMaker_is1" = LogoMaker 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft Access 2002 VBA SFS-Übungsdateien" = Microsoft Access 2002 VBA SFS-Übungsdateien
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"SmartToolsBooklet-Assistentv3.00" = SmartTools Publishing • Word Booklet-Assistent
"SmartToolsClassic Menü 2010, 2007v1.50" = SmartTools Publishing • Word Classic Menü 2010, 2007
"SmartToolsGlobale Suchev1.50" = SmartTools Publishing • Access Globale Suche
"SmartToolsJahresplanv2.00" = SmartTools Publishing • Excel Jahresplan
"SmartToolsSecurity Managerv1.00" = SmartTools Publishing • Access Security Manager
"SmartToolsSerienmailerv2.02" = SmartTools Publishing • Word Serienmailer
"SmartToolsZahl in Wortenv2.50" = SmartTools Publishing • Access Zahl in Worten
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TSPCzwei" = TSPCzwei
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Access Berater Suchen-AddIn" = Access Berater Suchen-AddIn
"Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)" = Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)
"Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)" = Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x8007043c).
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x8007043c).
Error - 07.07.2012 05:56:03 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description =
Error - 07.07.2012 06:03:24 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description =
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x8007043c).
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x8007043c).
Error - 07.07.2012 06:04:01 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description =
[ Broadcom Wireless LAN Events ]
Error - 28.04.2012 03:12:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:48, Sat, Apr 28, 12 Error - Unable to gain access to user store
Error - 30.04.2012 12:09:29 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 18:09:27, Mon, Apr 30, 12 Error - Unable to gain access to user store
Error - 01.05.2012 02:41:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:41:05, Tue, May 01, 12 Error - Unable to gain access to user store
Error - 09.06.2012 07:34:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 13:34:05, Sat, Jun 09, 12 Error - Unable to gain access to user store
Error - 12.06.2012 02:34:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:34:48, Tue, Jun 12, 12 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 02.01.2012 08:11:45 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 08:11:49 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:48 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:50 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:51 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 14:18:55 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:10 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:11 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:12 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.01.2012 15:22:14 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:13 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
[ System Events ]
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.07.2012 05:55:56 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.07.2012 05:56:03 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 07.07.2012 05:59:14 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 07.07.2012 06:02:05 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description =
Error - 09.07.2012 05:14:39 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.07.2012 05:14:54 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >
4. CCleaner Bericht Code:
ATTFilter Access Berater Suchen-AddIn SmartTools Publishing 14.04.2010 Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC) SmartTools Publishing 08.08.2010 Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB) SmartTools Publishing 03.05.2012 Acronis True Image Home 2011 Acronis 25.09.2011 284MB 14.0.6868 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.06.2012 6,00MB 11.3.300.257 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.06.2012 6,00MB 11.3.300.262 Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 18.09.2010 1,54GB 8.0 Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 14.04.2012 118MB 9.5.1 Advanced PDF-to-Word 1.0 16.08.2010 Apple Application Support Apple Inc. 27.05.2012 60,9MB 2.1.7 Apple Software Update Apple Inc. 08.07.2011 2,38MB 2.1.3.127 AquaSoft DiaShow 7 Premium AquaSoft 10.11.2011 7.6.11 ArcSoft PhotoStudio 5.5 ArcSoft 10.01.2010 AVM FRITZ!Box Dokumentation AVM Berlin 27.12.2009 AVM FRITZ!Box Druckeranschluss AVM Berlin 27.12.2009 Babylon toolbar on IE 10.02.2012 Bing Bar Microsoft Corporation 29.12.2011 26,8MB 7.0.850.0 Canon MP Navigator EX 2.0 10.01.2010 Canon Utilities Solution Menu 10.01.2010 CanoScan LiDE 200 Scanner Driver 10.01.2010 CCleaner Piriform 22.06.2012 3.20 Cisco EAP-FAST Module Cisco Systems, Inc. 14.12.2009 1,55MB 2.2.14 Cisco LEAP Module Cisco Systems, Inc. 14.12.2009 644KB 1.0.19 Cisco PEAP Module Cisco Systems, Inc. 14.12.2009 1,23MB 1.1.6 Conduit Engine Conduit Ltd. 13.01.2011 Creative Audio-Systemsteuerung Creative Technology Limited 29.12.2011 3.00 Creative Software AutoUpdate Creative Technology Limited 29.12.2011 1.40 Creative Sound Blaster Properties x64 Edition Creative Technology Limited 29.12.2011 1.02 Dell DataSafe Local Backup Dell 14.12.2009 9.3.36 Dell DataSafe Local Backup - Support Software Dell 14.12.2009 2.25 Dell DataSafe Online Dell, Inc. 28.04.2010 8,33MB 1.2.0011 Dell Dock Dell 14.12.2009 2.0.0 Dell Getting Started Guide Dell Inc. 14.12.2009 1.00.0000 Dell Support Center (Support Software) Dell 14.12.2009 2.5.09100 Dell Wireless WLAN Card Utility Dell Inc. 14.12.2009 5.30.21.0 DesignPro 5 Avery Dennison 03.06.2010 18,1MB 5.5.708 DirPrintOK 13.01.2011 Dolby Digital Live Pack Creative Technology Limited 14.12.2009 3.00 Duden Korrektor PLUS Bibliographisches Institut GmbH 31.01.2011 821MB 7.00.0000 Duden-Bibliothek Bibliographisches Institut GmbH 07.07.2011 68,0MB 5.1.0 Elf 1 Toolbar Elf 1 13.01.2011 6.3.0.26 Google Chrome Google Inc. 31.01.2011 20.0.1132.47 Google Toolbar for Internet Explorer Google Inc. 18.03.2012 7.3.2710.138 GPL Ghostscript Artifex Software Inc. 10.02.2012 9.05 Inkjet Printer/Scanner Extended Survey Program 10.01.2010 Intel(R) Programm für die Prozessorerkennung Intel Corporation 24.11.2011 4,64MB 4.40.0000 IrfanView (remove only) Irfan Skiljan 10.02.2012 1,50MB 4.32 Java(TM) 6 Update 14 (64-bit) Sun Microsystems, Inc. 14.12.2009 90,6MB 6.0.140 Java(TM) 6 Update 31 Oracle 01.03.2012 95,1MB 6.0.310 klickTel Telefon- und Branchenbuch Frühjahr 2010 telegate MEDIA AG 27.02.2010 1.00.0000 Logitech SetPoint Logitech 30.03.2010 17,0KB 4.80 LogoMaker 4.0 Avanquest 24.02.2012 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 09.07.2012 18,0MB 1.61.0.1400 McAfee SecurityCenter McAfee, Inc. 27.06.2012 11.0.678 Microsoft .NET Framework 1.1 Microsoft 24.03.2010 34,8MB 1.1.4322 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.09.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.09.2010 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 13.09.2010 51,9MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 13.09.2010 10,6MB 4.0.30319 Microsoft Access 2002 VBA SFS-Übungsdateien 02.05.2012 Microsoft Access 2010 Interactive Guide DEU Microsoft 30.06.2011 5,85MB 1.2.1 Microsoft Expression Design 4 Microsoft Corporation 13.03.2012 7.0.20516.0 Microsoft Expression Encoder 4 Microsoft Corporation 13.09.2010 4.0.1651.0 Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Corporation 13.09.2010 1,80MB 4.0.1651.0 Microsoft Expression Web 4 Microsoft Corporation 29.07.2011 4.0.1303.0 Microsoft IntelliPoint 8.2 Microsoft Corporation 05.02.2012 8.20.468.0 Microsoft Office 2003 Web Components Microsoft Corporation 12.04.2012 28,0MB 11.0.8003.0 Microsoft Office Live Add-in 1.5 Microsoft Corporation 26.05.2010 508KB 2.0.4024.1 Microsoft Office Professional 2010 Microsoft Corporation 07.01.2012 14.0.6029.1000 Microsoft Office Small Business Connectivity Components Microsoft Corporation 14.12.2009 2.0.7024.0 Microsoft Silverlight Microsoft Corporation 11.05.2012 242MB 4.1.10329.0 Microsoft SQL Server 2005 Microsoft Corporation 14.12.2009 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.12.2009 1,72MB 3.1.0000 Microsoft SQL Server Native Client Microsoft Corporation 17.03.2011 5,89MB 9.00.5000.00 Microsoft SQL Server VSS Writer Microsoft Corporation 17.03.2011 1,12MB 9.00.5000.00 Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 11.09.2011 625KB 1.0.1215.0 Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 11.09.2011 1,44MB 1.0.1215.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 27.12.2009 260KB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.12.2009 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 15.01.2010 3,84MB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 11.05.2011 580KB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 27.12.2009 212KB 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 24.03.2010 200KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 07.05.2011 790KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 07.05.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.12.2009 788KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.03.2010 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 600KB 9.0.30729.6161 Mozilla Firefox 13.0.1 (x86 de) Mozilla 30.06.2012 37,4MB 13.0.1 Mozilla Maintenance Service Mozilla 30.06.2012 199KB 13.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 27.12.2009 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.12.2009 1,33MB 4.20.9876.0 Multimedia Card Reader Fitipower 14.12.2009 633KB 1.4.915.1 Nuance PDF Create! 6 Nuance Communications, Inc 24.03.2010 122MB 6.00.6401 NVIDIA Drivers NVIDIA Corporation 14.12.2009 1.4 NVIDIA PhysX NVIDIA Corporation 14.12.2009 119MB 9.09.0203 OpenAL 29.12.2011 Opera 11.51 Opera Software ASA 12.04.2012 11.51.1087 PDF Editor 3 12.08.2010 PowerDVD DX CyberLink Corp. 14.12.2009 8.3.5424 Protect Disc License Helper 1.0.125 (IE) Protect Disc 20.10.2010 1.0.125 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 20.10.2010 11.0.0.14 PSPad editor Jan Fiala 17.06.2010 QuickTime Apple Inc. 27.05.2012 73,2MB 7.72.80.56 Roxio Creator 8.2 XE Roxio, Inc. 24.03.2010 410MB 8.2.298 Roxio Easy CD and DVD Burning Roxio 14.12.2009 1,40GB 10.3 SmartTools Publishing • Access Globale Suche SmartTools Publishing 31.05.2012 v1.50 SmartTools Publishing • Access Security Manager SmartTools Publishing 26.11.2010 v1.00 SmartTools Publishing • Access Zahl in Worten SmartTools Publishing 06.04.2012 v2.50 SmartTools Publishing • Excel Jahresplan SmartTools Publishing 25.03.2010 v2.00 SmartTools Publishing • Word Booklet-Assistent SmartTools Publishing 20.03.2011 v3.00 SmartTools Publishing • Word Classic Menü 2010, 2007 SmartTools Publishing 24.11.2011 v1.50 SmartTools Publishing • Word Serienmailer SmartTools Publishing 05.06.2010 v2.02 Sound Blaster X-Fi 10.02.2010 1.0 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 18.09.2010 29,6MB 9.0.0 StarMoney 7.0 Star Finanz GmbH 05.04.2010 7.0 StarMoney 8.0 Star Finanz GmbH 02.02.2012 8.0 Techinfo Doppelte Datensätze 18.04.2010 TSPCzwei 25.11.2011 Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 17.03.2011 30,5MB 9.00.5000.00 Windows Live Essentials Microsoft Corporation 11.09.2011 14.0.8117.0416 Windows Live ID-Anmelde-Assistent Microsoft Corporation 26.05.2010 10,0MB 6.500.3165.0 Windows Live Sync Microsoft Corporation 11.09.2011 2,79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 14.12.2009 224KB 14.0.8014.1029 Windows XP Mode Microsoft Corporation 24.11.2011 1,13GB 1.3.7600.16422 WinRAR 06.07.2010 XAMPP 1.7.4 21.02.2011 Yontoo 1.10.02 Yontoo LLC 10.02.2012 857KB 1.10.02 Viele Grüße Harald |
|
10.07.2012, 14:46
| #4 | ||||
| /// Helfer-Team | GVU Trojaner und jetzt? Systemreinigung und Prüfung: 1. Deinstalliere unter Systemsteuerung-> Software/Programme : Code:
ATTFilter Babylon toolbar
Bing Bar
Conduit Engine
Elf 1 Toolbar
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Hast Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt?: Zitat:
kann ich nicht zuordnen, um was handelt es sich dabei ?: Code:
ATTFilter [2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb
[2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb
Zitat:
Code:
ATTFilter :OTL
MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C}
IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe
[2012.07.09 15:52:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 15:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job
[2012.07.09 15:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 11:14:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job
[2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Scan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8
:Files
C:\Users\Home2\AppData\Local\Temp\glom0_og.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Java aktualisieren- über Systemsteuerung-> Nach Update suchen... oder: Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 6. Adobe Reader aktualisieren : - Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 7. Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!): -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 8. reinige dein System mit CCleaner:
9.
10. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 11. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 12. erneut einen Scan mit OTL:
damit ich weiß, welche Änderungen Du vorgenommen hast: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
11.07.2012, 09:01
| #5 |
| | GVU Trojaner und jetzt? Hallo Kira, de Punkte habe ich jetzt abgearbeitet. Das resiltat: zu 1. die vier Programme habe ich deinstalliert zu 2. den ersten Eintrag (dyndns.org) benötige ich für Outlook Web Access und ist vertrauenswürdig. Der 2. Eintrag (Range 1) sagt mir nichts. zu 3. dabei handelt es ausschließlich um Access 2010 Datenbanken. zu 4. Fixen mit OTL Das Textdokument: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}\ not found.
File C:\Program Files (x86)\Elf_1\prxtbElf_.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}\ not found.
File C:\Program Files (x86)\Elf_1\prxtbElf_.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
File I:\pushinst.exe not found.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job moved successfully.
File C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
ADS C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\WebProf:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Scan:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Privat:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\My Albums:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\css_pur:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\belkin:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\01022012:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:07C8C7C8 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Home2\AppData\Local\Temp\glom0_og.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Home2\Desktop\cmd.bat deleted successfully.
C:\Users\Home2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: FCB
User: Home2
->Temp folder emptied: 2606382124 bytes
->Temporary Internet Files folder emptied: 2980719936 bytes
->Java cache emptied: 12579140 bytes
->FireFox cache emptied: 52225959 bytes
->Google Chrome cache emptied: 18234468 bytes
->Opera cache emptied: 12361869 bytes
->Flash cache emptied: 213858 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 319501025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100719 bytes
RecycleBin emptied: 16826854230 bytes
Total Files Cleaned = 21.772,00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07102012_191953
Files\Folders moved on Reboot...
C:\Users\Home2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JET891E.tmp moved successfully.
C:\Windows\temp\~ROMFN_000009DC moved successfully.
PendingFileRenameOperations files...
File C:\Users\Home2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\JET891E.tmp not found!
File C:\Windows\temp\~ROMFN_000009DC not found!
Registry entries deleted on Reboot...
6. Adobe Reader ist auf dem neusten Stand 7. habe ich z.K. genommen 8. CCleaner habe ich ausgeführt. 10. SUPER ANTI SPYWARE Code:
ATTFilter UPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/10/2012 at 10:08 PM
Application Version : 5.5.1006
Core Rules Database Version : 8875
Trace Rules Database Version: 6687
Scan type : Complete Scan
Total Scan Time : 01:03:08
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 74079
Registry threats detected : 0
File items scanned : 82479
File threats detected : 616
Adware.Tracking Cookie
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@acronis.122.2o7[1].txt [ /acronis.122.2o7 ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@ads.medienhaus[1].txt [ /ads.medienhaus ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@ads.sun[1].txt [ /ads.sun ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@adserver.handball-welt[2].txt [ /adserver.handball-welt ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@adultfriendfinder[1].txt [ /adultfriendfinder ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@advertising[1].txt [ /advertising ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@lxtraffic[2].txt [ /lxtraffic ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@statse.webtrendslive[1].txt [ /statse.webtrendslive ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@tracking.mindshare[1].txt [ /tracking.mindshare ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@www.etracker[1].txt [ /www.etracker ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\5VQ5SM3M.txt [ /smartadserver.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\K1I2GVAM.txt [ /doubleclick.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\3JG4TO50.txt [ /c.atdmt.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\O94OVK0U.txt [ /revsci.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[2].txt [ /de.sitestat.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\ZAPBYP92.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\EL0RVHKX.txt [ /ad.adnet.de ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[3].txt [ /de.sitestat.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\HEM6URWT.txt [ /adform.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\8DJ7IIL2.txt [ /microsoftwllivemkt.112.2o7.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\XBCVC701.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[1].txt [ /de.sitestat.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\01A0PKNE.txt [ /specificclick.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\A29QPZ03.txt [ /webmasterplan.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\X3Q1YXBO.txt [ /ad.ad-srv.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\XBQPL934.txt [ /ad.zanox.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\FP383K2R.txt [ /eas.apm.emediate.eu ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\A43WX29G.txt [ /atdmt.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\QF8N2N6V.txt [ /www.zanox-affiliate.de ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\SGEHC50S.txt [ /traffictrack.de ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\M75CC8KA.txt [ /im.banner.t-online.de ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\4U638UJJ.txt [ /adfarm1.adition.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\D3RK9JL4.txt [ /perf.overture.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\E2QCV5C3.txt [ /track.adform.net ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\SUUN43TT.txt [ /de.sitestat.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\9PUCYC1X.txt [ /xiti.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\B1ZH271B.txt [ /tradedoubler.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\IDI5T9D6.txt [ /de.sitestat.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\68N8B7U7.txt [ /apmebf.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\MS3USIWE.txt [ /ads.creative-serving.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\L3TSK0VG.txt [ /zanox-affiliate.de ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\NDC03ODR.txt [ /invitemedia.com ]
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\BTG765J7.txt [ /adviva.net ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Y0SM0BZF.txt [ Cookie:home2@ich.adscale.de/adserver-ich/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZH52JN99.txt [ Cookie:home2@smartadserver.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@rocketpenis[2].txt [ Cookie:home2@rocketpenis.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.hitslink[1].txt [ Cookie:home2@counter.hitslink.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y6F4NGQN.txt [ Cookie:home2@adbrite.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQG63FDU.txt [ Cookie:home2@zanox.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4D2WP8C6.txt [ Cookie:home2@questionmarket.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@frontlinegmbh.122.2o7[1].txt [ Cookie:home2@frontlinegmbh.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mediafire[1].txt [ Cookie:home2@mediafire.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZW18KCS.txt [ Cookie:home2@menofporn.typepad.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ0DBPFS.txt [ Cookie:home2@track.effiliation.com/servlet/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wikiporno[1].txt [ Cookie:home2@wikiporno.org/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\H88M2ANO.txt [ Cookie:home2@a.clickclicknetwork.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9A5B7SQF.txt [ Cookie:home2@adultdvdtalk.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\78WQ0MHW.txt [ Cookie:home2@partypoker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[1].txt [ Cookie:home2@de.sitestat.com/sport1/sport1-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bluestreak[1].txt [ Cookie:home2@bluestreak.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\INCUY9AL.txt [ Cookie:home2@www.machfucker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\N97I6CJE.txt [ Cookie:home2@bareback-porn-blog.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\48VND876.txt [ Cookie:home2@euros4click.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDNJJ7NU.txt [ Cookie:home2@pro-market.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\12E66MKI.txt [ Cookie:home2@teufel-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E0TTHV9Y.txt [ Cookie:home2@specificclick.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[4].txt [ Cookie:home2@de.sitestat.com/idgcom-de/pcwelt/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5F0G9ZP.txt [ Cookie:home2@ad.yieldmanager.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1ZM53RX2.txt [ Cookie:home2@counter.sexsuche.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@youporngay.videoboxmen[2].txt [ Cookie:home2@youporngay.videoboxmen.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@warezfactor[1].txt [ Cookie:home2@warezfactor.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:home2@microsoftinternetexplorer.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9PSVTNE.txt [ Cookie:home2@eas.apm.emediate.eu/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AA1N65H7.txt [ Cookie:home2@hornygreek.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@in.getclicky[1].txt [ Cookie:home2@in.getclicky.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RIIKW6CF.txt [ Cookie:home2@clickandbuy.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCVBX0Y5.txt [ Cookie:home2@www.access-paradies.de/counter/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[3].txt [ Cookie:home2@de.sitestat.com/sport1/dsf-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PHGO3HA.txt [ Cookie:home2@www.buttfuckingbunch.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8ES7DMLI.txt [ Cookie:home2@track.effiliation.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.8teenboysex[1].txt [ Cookie:home2@www.8teenboysex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UILNF13.txt [ Cookie:home2@ww251.smartadserver.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J12D7QPP.txt [ Cookie:home2@atdmt.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIKHV93O.txt [ Cookie:home2@www.zanox-affiliate.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZIIB338.txt [ Cookie:home2@track.yellostrom.de/792742425687471,219869629063635/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx.falconstudios[3].txt [ Cookie:home2@xxx.falconstudios.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8GWD127.txt [ Cookie:home2@im.banner.t-online.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MYO4OQFY.txt [ Cookie:home2@traffictrack.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4TX5UR7.txt [ Cookie:home2@manfuckman.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZNZS85W.txt [ Cookie:home2@de.partypoker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\14L9P0SO.txt [ Cookie:home2@www7.addfreestats.com/cgi-bin ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5R85WCN.txt [ Cookie:home2@ads.neudesicmediagroup.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adsrv.admediate[2].txt [ Cookie:home2@adsrv.admediate.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJIS8MA.txt [ Cookie:home2@tracking.hermesworld.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TDA8Z5C.txt [ Cookie:home2@rts.pgmediaserve.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DQS5WQC3.txt [ Cookie:home2@gotgayporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NL81YMBA.txt [ Cookie:home2@tracking.mindshare.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCX9LQOH.txt [ Cookie:home2@advertising.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GM81646M.txt [ Cookie:home2@zedo.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xiti[1].txt [ Cookie:home2@xiti.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZVLEJ069.txt [ Cookie:home2@tradedoubler.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayvod.pornotube[1].txt [ Cookie:home2@gayvod.pornotube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7FDWD1A.txt [ Cookie:home2@ad.adserver01.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\85DJQ14P.txt [ Cookie:home2@apmebf.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWOND4J6.txt [ Cookie:home2@www.queerclick.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TAK34PJF.txt [ Cookie:home2@machfucker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5IYAUVVS.txt [ Cookie:home2@youporngay.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\X6GRCHAE.txt [ Cookie:home2@treasureislandmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D31K5H4S.txt [ Cookie:home2@www.gaymoviedome.com/gaysex/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ3WKBQP.txt [ Cookie:home2@www.etracker.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9UPBLCA.txt [ Cookie:home2@c1.atdmt.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx.falconstudios[1].txt [ Cookie:home2@xxx.falconstudios.com/index.cfm/fuseaction/product.detail/_/Marco-Bill/productID/e6648f58-a975-45c1-a44a-8ee22eac964c/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBZF0I59.txt [ Cookie:home2@zanox-affiliate.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZCKW7BYE.txt [ Cookie:home2@tracking.quisma.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YSEDWHU.txt [ Cookie:home2@statse.webtrendslive.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RREWNEXO.txt [ Cookie:home2@doubleclick.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\APQ92UAF.txt [ Cookie:home2@server.lon.liveperson.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LBD6TPXW.txt [ Cookie:home2@www.pornstaremart.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\40MDPSZQ.txt [ Cookie:home2@maniamediallc.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEUOFF1S.txt [ Cookie:home2@ads.crakmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8OM0IPJE.txt [ Cookie:home2@www.burstnet.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7WP7DJPP.txt [ Cookie:home2@revsci.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D3568NY8.txt [ Cookie:home2@dirtyfuckers.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4Z9LW5V0.txt [ Cookie:home2@ad.adnet.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@my.brandwire[1].txt [ Cookie:home2@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7UU9MQMI.txt [ Cookie:home2@adsys.airbus.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CBY5IWFK.txt [ Cookie:home2@deutschepostag.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IGHFV9ZJ.txt [ Cookie:home2@porn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@msexchangefaq[1].txt [ Cookie:home2@msexchangefaq.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCOGU60Z.txt [ Cookie:home2@counter2.sexmoney.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WY79FYHS.txt [ Cookie:home2@ero-advertising.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\60QTD8WC.txt [ Cookie:home2@gayfuckporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT2FC1JF.txt [ Cookie:home2@kontera.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ASLXPEMP.txt [ Cookie:home2@google.com/adsense/support/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wkdporn[2].txt [ Cookie:home2@wkdporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q90PYFQ6.txt [ Cookie:home2@insightexpressai.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornforpatric[1].txt [ Cookie:home2@pornforpatric.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[6].txt [ Cookie:home2@de.sitestat.com/sport1/tvdsf-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FJ3GGWLJ.txt [ Cookie:home2@microsoftsto.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTUWMRGO.txt [ Cookie:home2@uk.at.atwola.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YAOVXKYB.txt [ Cookie:home2@hotbarebacking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PVP78MS.txt [ Cookie:home2@sexsohbet.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5IPLW48.txt [ Cookie:home2@casalemedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AE8WC8Y9.txt [ Cookie:home2@ar.atwola.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TTVIT0FY.txt [ Cookie:home2@www.active-tracking.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@fr.youporngay[2].txt [ Cookie:home2@fr.youporngay.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8EHC0YK.txt [ Cookie:home2@stats.crsend.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@e-2dj6wjk4wpczclo.stats.esomniture[2].txt [ Cookie:home2@e-2dj6wjk4wpczclo.stats.esomniture.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWA057BH.txt [ Cookie:home2@collective-media.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornblog[1].txt [ Cookie:home2@gaypornblog.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[5].txt [ Cookie:home2@de.sitestat.com/bitburger/bitburger/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QMCYA6LG.txt [ Cookie:home2@track.adform.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftmachinetranslation.112.2o7[1].txt [ Cookie:home2@microsoftmachinetranslation.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay.adultrental[1].txt [ Cookie:home2@gay.adultrental.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OH536RV.txt [ Cookie:home2@yieldmanager.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSLP0B94.txt [ Cookie:home2@pornstaremart.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQQFH3C8.txt [ Cookie:home2@livefucking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L70WY3SP.txt [ Cookie:home2@liveperson.net/hc/599832 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pumphousemedia[2].txt [ Cookie:home2@pumphousemedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@2.bfugmedia[2].txt [ Cookie:home2@2.bfugmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ad.adnet[3].txt [ Cookie:home2@ad.adnet.biz/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHCLNGAO.txt [ Cookie:home2@nakedsword.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@subscriber.netmediaeurope[1].txt [ Cookie:home2@subscriber.netmediaeurope.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@topteenboys[2].txt [ Cookie:home2@topteenboys.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@haporn[1].txt [ Cookie:home2@haporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaypassfinder[1].txt [ Cookie:home2@freegaypassfinder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@qnsr[1].txt [ Cookie:home2@qnsr.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@movies.smartssex[2].txt [ Cookie:home2@movies.smartssex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@eas8.emediate[2].txt [ Cookie:home2@eas8.emediate.eu/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XNLL635.txt [ Cookie:home2@counter15.sextracker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gayteenboylinks[2].txt [ Cookie:home2@www.gayteenboylinks.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[7].txt [ Cookie:home2@de.sitestat.com/idgcom-de/tecchannel/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\56TOKOWV.txt [ Cookie:home2@trafficholder.com/cgi-bin/traffic/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay.pornbb[2].txt [ Cookie:home2@gay.pornbb.org/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@jmedia16.justusboys[2].txt [ Cookie:home2@jmedia16.justusboys.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2LROX7XI.txt [ Cookie:home2@adserver.sevenload.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.klicktel[1].txt [ Cookie:home2@tracking.klicktel.de/dcss6p7z710000st9t9gc2lxn_3c5g ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SFMHRS51.txt [ Cookie:home2@stat.dealtime.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XXV8T8QO.txt [ Cookie:home2@www.treasureislandmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\P99B2UHG.txt [ Cookie:home2@tradetracker.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexkey[2].txt [ Cookie:home2@www.sexkey.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UCEJULR.txt [ Cookie:home2@photosex.biz/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3GJSDTC.txt [ Cookie:home2@ad2.adfarm1.adition.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5S7WE2K2.txt [ Cookie:home2@gay.pornstarfuck.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxxamaturxxx[1].txt [ Cookie:home2@xxxamaturxxx.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MA5ZNEA9.txt [ Cookie:home2@www.hotbarebacking.com/tour/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaysextv[2].txt [ Cookie:home2@gaysextv.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O8H1UHB.txt [ Cookie:home2@adition.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3J1ZKPI.txt [ Cookie:home2@adx.chip.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[11].txt [ Cookie:home2@de.sitestat.com/karstadt-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornofilm-suche[1].txt [ Cookie:home2@pornofilm-suche.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@aboutgaypornblog[2].txt [ Cookie:home2@aboutgaypornblog.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IINFO9SK.txt [ Cookie:home2@unitymedia.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMV6FICV.txt [ Cookie:home2@ad.dyntracker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@averydennison.112.2o7[1].txt [ Cookie:home2@averydennison.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@nymmedia[1].txt [ Cookie:home2@nymmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@vodafonegroup.122.2o7[1].txt [ Cookie:home2@vodafonegroup.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7XD40EE.txt [ Cookie:home2@liveperson.net/hc/9954793 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@servedby.adxpower[1].txt [ Cookie:home2@servedby.adxpower.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNNGHERJ.txt [ Cookie:home2@makinggayporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mofosex[2].txt [ Cookie:home2@mofosex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.pornoxo[2].txt [ Cookie:home2@www.pornoxo.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[1].txt [ Cookie:home2@track.webtrekk.de/471497967328727/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[4].txt [ Cookie:home2@liveperson.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@hunkporntube[1].txt [ Cookie:home2@hunkporntube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D88SRIM9.txt [ Cookie:home2@advertising.justusboys.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8SWCIJ0.txt [ Cookie:home2@pornoxo.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKKJURWH.txt [ Cookie:home2@chatsex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z322PJV0.txt [ Cookie:home2@vod.pornstardatabase.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOPOGTAL.txt [ Cookie:home2@eyewonder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQVH76UL.txt [ Cookie:home2@maleflixxx.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@acronis.122.2o7[1].txt [ Cookie:home2@acronis.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CUM6BL0.txt [ Cookie:home2@adxpansion.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@allporntube[2].txt [ Cookie:home2@allporntube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@efeducationfirst.112.2o7[1].txt [ Cookie:home2@efeducationfirst.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVP3KPHY.txt [ Cookie:home2@livestat.derstandard.at/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@friendfinder[2].txt [ Cookie:home2@friendfinder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx-xxx-xxx[2].txt [ Cookie:home2@xxx-xxx-xxx.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9QYP7NR.txt [ Cookie:home2@sexad.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQ04IMU7.txt [ Cookie:home2@maleflixxx.tv/pc/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6LN1CO10.txt [ Cookie:home2@queerpornnation.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexymalecelebrities[1].txt [ Cookie:home2@sexymalecelebrities.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVUCK79K.txt [ Cookie:home2@banners.xxxgaymatch.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@join.dirtyfuckers[1].txt [ Cookie:home2@join.dirtyfuckers.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNF71HN3.txt [ Cookie:home2@payment.dhdmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HQR20XOZ.txt [ Cookie:home2@beiersdorf.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@estat[2].txt [ Cookie:home2@estat.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[2].txt [ Cookie:home2@track.webtrekk.de/907304619607711/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftconsumermarketing.112.2o7[1].txt [ Cookie:home2@microsoftconsumermarketing.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@youporn[1].txt [ Cookie:home2@youporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZD8PGWF.txt [ Cookie:home2@clicksor.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.xxx-xxx-xxx[2].txt [ Cookie:home2@www.xxx-xxx-xxx.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JOK2EXQF.txt [ Cookie:home2@www.intporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O9QKISIA.txt [ Cookie:home2@intporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.aboutgaypornblog[1].txt [ Cookie:home2@www.aboutgaypornblog.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2YDGETG.txt [ Cookie:home2@count.asnetworks.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJP3JNNG.txt [ Cookie:home2@go.dynamic-tracking.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\256W9EPO.txt [ Cookie:home2@advertstream.com/a ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.freegaysex[2].txt [ Cookie:home2@www.freegaysex.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexkey[2].txt [ Cookie:home2@sexkey.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF4TO7QL.txt [ Cookie:home2@interclick.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FRMB9BA.txt [ Cookie:home2@de.sitestat.com/idgcom-de/macwelt/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ads.zeusclicks[2].txt [ Cookie:home2@ads.zeusclicks.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\76VWCIL7.txt [ Cookie:home2@triptosex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaysexyboy[1].txt [ Cookie:home2@gaysexyboy.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stepstone.112.2o7[1].txt [ Cookie:home2@stepstone.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAH2YOAG.txt [ Cookie:home2@de.sitestat.com/sueddeutscher/it-fachportal-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@server.cpmstar[2].txt [ Cookie:home2@server.cpmstar.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZEYCRRG.txt [ Cookie:home2@eu.clickandbuy.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@usenext.122.2o7[1].txt [ Cookie:home2@usenext.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.traffictrack[1].txt [ Cookie:home2@adserver.traffictrack.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@trafficmp[1].txt [ Cookie:home2@trafficmp.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BYNFO20J.txt [ Cookie:home2@www.chatsex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0V89661I.txt [ Cookie:home2@buttfuckingbunch.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\C916GM8Z.txt [ Cookie:home2@snapfish.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[4].txt [ Cookie:home2@track.webtrekk.de/152153056700370/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHZ2XZWH.txt [ Cookie:home2@gay.porn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJ2LIZ61.txt [ Cookie:home2@join.makinggayporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@casual-sex-ads[1].txt [ Cookie:home2@casual-sex-ads.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2FIHV3OF.txt [ Cookie:home2@ad1.adfarm1.adition.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWEY60W1.txt [ Cookie:home2@homosexualtube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@anakedguy[2].txt [ Cookie:home2@anakedguy.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@teenboyreview[2].txt [ Cookie:home2@teenboyreview.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GVJBCO2W.txt [ Cookie:home2@www.redtube.com/gay/pornstar/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\93XQUMOU.txt [ Cookie:home2@stat.vattenfall.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@85.25.120[1].txt [ Cookie:home2@85.25.120.181/stats/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FBBNXZK8.txt [ Cookie:home2@urban-fuckers.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[9].txt [ Cookie:home2@de.sitestat.com/berlitz/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJHA69RD.txt [ Cookie:home2@gaysexblog.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\H2YLTWHR.txt [ Cookie:home2@ad4.adfarm1.adition.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OIJSF36.txt [ Cookie:home2@de.sitestat.com/idgcom-de/projekt3/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU55EZ2Y.txt [ Cookie:home2@eas4.emediate.eu/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\03Q0XUA4.txt [ Cookie:home2@pt.trafficjunky.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornengine[2].txt [ Cookie:home2@gaypornengine.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RL4467T6.txt [ Cookie:home2@overture.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bareassnaked[1].txt [ Cookie:home2@bareassnaked.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay-porn-here[1].txt [ Cookie:home2@gay-porn-here.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BDIWQR65.txt [ Cookie:home2@epochstats.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HJ0N6ZST.txt [ Cookie:home2@terrashop.traffective-tracking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMUQ3WED.txt [ Cookie:home2@vod.nakedsword.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaysex[3].txt [ Cookie:home2@freegaysex.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mikespornreview[1].txt [ Cookie:home2@mikespornreview.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\37SC53Z1.txt [ Cookie:home2@gaypornzone.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CABUDVY2.txt [ Cookie:home2@de.sitestat.com/otto-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.funpic[2].txt [ Cookie:home2@track.funpic.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@samsungfunclub.122.2o7[1].txt [ Cookie:home2@samsungfunclub.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QSK75459.txt [ Cookie:home2@ru4.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RAC7IE2Q.txt [ Cookie:home2@legolas-media.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@terra.112.2o7[1].txt [ Cookie:home2@terra.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@clickshift[1].txt [ Cookie:home2@clickshift.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8ZZN7PT.txt [ Cookie:home2@gayfriendfinder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@twinksexpics[1].txt [ Cookie:home2@twinksexpics.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\08H9OXUX.txt [ Cookie:home2@tracking.klicktel.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPDVCSXI.txt [ Cookie:home2@www.redtube.com/pornstar/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexkontakt[2].txt [ Cookie:home2@sexkontakt.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@usenext[1].txt [ Cookie:home2@usenext.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\89TE0W32.txt [ Cookie:home2@www.4sex4.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y8G705VY.txt [ Cookie:home2@view.advert-layer.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VG6B6UH.txt [ Cookie:home2@point2click.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NZFKK994.txt [ Cookie:home2@gaypornshare.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\379OD0VK.txt [ Cookie:home2@www.statsq.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@cmpmedica.112.2o7[1].txt [ Cookie:home2@cmpmedica.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.at.atwola[1].txt [ Cookie:home2@de.at.atwola.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\29GUMXW4.txt [ Cookie:home2@naiadsystems.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@findgaytube[2].txt [ Cookie:home2@findgaytube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ice.112.2o7[1].txt [ Cookie:home2@ice.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QS7EYV4H.txt [ Cookie:home2@www.pornhub.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\127SVLJC.txt [ Cookie:home2@www.rawfuckclub.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8VNQ9EO.txt [ Cookie:home2@partners.webmasterplan.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.totaltrafficsystem[1].txt [ Cookie:home2@www.totaltrafficsystem.com/feeder/gay/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVQIB9XI.txt [ Cookie:home2@test.coremetrics.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GJ9SUO9.txt [ Cookie:home2@21sextury.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@hansenet.122.2o7[1].txt [ Cookie:home2@hansenet.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSDZZ05A.txt [ Cookie:home2@realmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@join.adultdigitalservices[1].txt [ Cookie:home2@join.adultdigitalservices.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dealtime[1].txt [ Cookie:home2@dealtime.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@fuckcams[2].txt [ Cookie:home2@fuckcams.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornomaniak[2].txt [ Cookie:home2@gaypornomaniak.biz/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FB2ODBA.txt [ Cookie:home2@www.loadxxx.co.uk/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexvideos[1].txt [ Cookie:home2@sexvideos.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayfuckbookdatinglive[2].txt [ Cookie:home2@gayfuckbookdatinglive.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaymobile[3].txt [ Cookie:home2@freegaymobile.com/free-gay-mobile-porn/150981/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VW4BTUT.txt [ Cookie:home2@pornoeye.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1I79EKJX.txt [ Cookie:home2@yahoogroups.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayforever.sexbiro[1].txt [ Cookie:home2@gayforever.sexbiro.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JBD802E4.txt [ Cookie:home2@ads2.zeusclicks.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stat.vattenfall[1].txt [ Cookie:home2@stat.vattenfall.com/dcsgc06jk00000sxgh4j27570_7l3s/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.adtechus[1].txt [ Cookie:home2@adserver.adtechus.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornxplorer[2].txt [ Cookie:home2@pornxplorer.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZ10IUSH.txt [ Cookie:home2@pornerbros.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EBEBYBST.txt [ Cookie:home2@naked.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@auslieferung.commindo-media-ressourcen[1].txt [ Cookie:home2@auslieferung.commindo-media-ressourcen.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\21GZFIDG.txt [ Cookie:home2@pornhub.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.abmahnung-pornofilm[2].txt [ Cookie:home2@www.abmahnung-pornofilm.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5P31UOK.txt [ Cookie:home2@indigio.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\KD38D8UQ.txt [ Cookie:home2@www.livefucking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gaypissporn[1].txt [ Cookie:home2@www.gaypissporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freesexnet[1].txt [ Cookie:home2@freesexnet.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornovod[1].txt [ Cookie:home2@gaypornovod.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\X5CZ8W7X.txt [ Cookie:home2@adnetxchange.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ppv.hornyboy[2].txt [ Cookie:home2@ppv.hornyboy.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dstraffic[1].txt [ Cookie:home2@dstraffic.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IMMT4FL.txt [ Cookie:home2@markussexblog.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.ilsemedia[2].txt [ Cookie:home2@stats.ilsemedia.nl/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0MFS4DC.txt [ Cookie:home2@www.89teen.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adsrv1.admediate[1].txt [ Cookie:home2@adsrv1.admediate.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adservercentral[1].txt [ Cookie:home2@adservercentral.info/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.n3po[2].txt [ Cookie:home2@stats.n3po.com/p/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JKGYQG1Y.txt [ Cookie:home2@ads.pornerbros.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JYRL02K4.txt [ Cookie:home2@butlers.traffective-tracking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bestexclusiveporn[1].txt [ Cookie:home2@bestexclusiveporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.barong-traffic[2].txt [ Cookie:home2@www.barong-traffic.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\69OTLF4U.txt [ Cookie:home2@generaltracking.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8XQBBQ6.txt [ Cookie:home2@www.porntube.info/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[6].txt [ Cookie:home2@liveperson.net/hc/25891714 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RGVLLJZ7.txt [ Cookie:home2@de.sitestat.com/pm/muenchen-de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L17ZNNK1.txt [ Cookie:home2@adserv.chirurgie-portal.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@uk.sitestat[1].txt [ Cookie:home2@uk.sitestat.com/newcastle/ncl/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D8RZG1P2.txt [ Cookie:home2@autoscout24.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O87K2GOZ.txt [ Cookie:home2@gaypornofilme.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DYN05PX1.txt [ Cookie:home2@de.sitestat.com/ndr/tagesschau/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JGC268Z7.txt [ Cookie:home2@counter13.sextracker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornmonster[1].txt [ Cookie:home2@pornmonster.info/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@static.freewebs.getclicky[1].txt [ Cookie:home2@static.freewebs.getclicky.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CA27TC3F.txt [ Cookie:home2@de.sitestat.com/ndr/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAXS0SSW.txt [ Cookie:home2@de.sitestat.com/laola1/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YN52S67A.txt [ Cookie:home2@filmscanner.info/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJ95OBB9.txt [ Cookie:home2@www.adultdvdtalk.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wissende.122.2o7[1].txt [ Cookie:home2@wissende.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\633FHUF7.txt [ Cookie:home2@oporn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XH36C2OJ.txt [ Cookie:home2@mediabrandsww.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexlist.gays-im[1].txt [ Cookie:home2@sexlist.gays-im.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.tommydxxx[2].txt [ Cookie:home2@www.tommydxxx.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.exgfnetwork[1].txt [ Cookie:home2@adserver.exgfnetwork.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.surfcounters[1].txt [ Cookie:home2@counter.surfcounters.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.live4members[1].txt [ Cookie:home2@counter.live4members.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@shop.gay-sexshop[1].txt [ Cookie:home2@shop.gay-sexshop.eu/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adultdvdmarketplace[1].txt [ Cookie:home2@adultdvdmarketplace.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayfuck[2].txt [ Cookie:home2@gayfuck.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLKXPE28.txt [ Cookie:home2@germanwings.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DID8KP3.txt [ Cookie:home2@wmedia.rotator.hadj7.adjuggler.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D01FX7JP.txt [ Cookie:home2@ads2.247activemedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T01AE0X5.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1060927923/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DY22TWP7.txt [ Cookie:home2@pornme.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HYB3O97.txt [ Cookie:home2@www.alsgaypornstars.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ua-teens[3].txt [ Cookie:home2@ua-teens.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@edge.ru4[1].txt [ Cookie:home2@edge.ru4.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.ejoni[2].txt [ Cookie:home2@tracking.ejoni.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@komtrack[3].txt [ Cookie:home2@komtrack.com/tr ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPCLJQZU.txt [ Cookie:home2@adform.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLDWOT7G.txt [ Cookie:home2@www.porno-boys.com.au.ms/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@revenue[2].txt [ Cookie:home2@revenue.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaymobile[2].txt [ Cookie:home2@freegaymobile.com/free-gay-mobile-porn/152530/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ua-teens[1].txt [ Cookie:home2@ua-teens.com/forum/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IF4BV4CL.txt [ Cookie:home2@a.trackfox2.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1BWP2KA7.txt [ Cookie:home2@aidsfinder.org/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQDK2RQ4.txt [ Cookie:home2@studivz.adfarm1.adition.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\56FJ52KB.txt [ Cookie:home2@www.sexpartnerclub.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@thums.hornysilver[2].txt [ Cookie:home2@thums.hornysilver.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAMKGJ4F.txt [ Cookie:home2@de.sitestat.com/idgcom-de/computerwoche/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.adultdvdmarketplace[2].txt [ Cookie:home2@www.adultdvdmarketplace.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1GT1ULFG.txt [ Cookie:home2@olympiaverlag.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@juicyadult[2].txt [ Cookie:home2@juicyadult.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPBP2PVH.txt [ Cookie:home2@xxx-boys.com.au.ms/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@nakedmen69[1].txt [ Cookie:home2@nakedmen69.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaylordfucker[2].txt [ Cookie:home2@gaylordfucker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BZ117YFO.txt [ Cookie:home2@ww.ukadultproducers.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6N8MUM9.txt [ Cookie:home2@cheaptickets.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIOYLMI2.txt [ Cookie:home2@pornodvdtube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.freak-search[1].txt [ Cookie:home2@stats.freak-search.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver2.clipkit[2].txt [ Cookie:home2@adserver2.clipkit.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gay-watch-pornostars.com.au[3].txt [ Cookie:home2@www.gay-watch-pornostars.com.au.ms/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DWXCDUGF.txt [ Cookie:home2@www.pornteam.com/catalog ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay-watch-pornostrs.com.au[1].txt [ Cookie:home2@gay-watch-pornostrs.com.au.ms/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A2JLDPE3.txt [ Cookie:home2@www.counter-gratis.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQQODGFD.txt [ Cookie:home2@banner.webtar.hu/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bt.ilsemedia[2].txt [ Cookie:home2@bt.ilsemedia.nl/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7LKIRX2N.txt [ Cookie:home2@uncut.adulttextstories.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JV690V3J.txt [ Cookie:home2@pornotube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DFTBBH45.txt [ Cookie:home2@gayfinder.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.google[2].txt [ Cookie:home2@www.google.com/accounts ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGQZJV4W.txt [ Cookie:home2@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3WPDVDTZ.txt [ Cookie:home2@lfstmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@countomat[1].txt [ Cookie:home2@countomat.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexynaked[2].txt [ Cookie:home2@www.sexynaked.org/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D31KIL66.txt [ Cookie:home2@www.iggymedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U6D5T1UB.txt [ Cookie:home2@ads.ventivmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRMNPCMD.txt [ Cookie:home2@www.gayfinder.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@komtrack[1].txt [ Cookie:home2@komtrack.com/tr/104440 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornpup.blogspot[2].txt [ Cookie:home2@pornpup.blogspot.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@naked-gay-men-stripping.pornlivenews[1].txt [ Cookie:home2@naked-gay-men-stripping.pornlivenews.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CFTN32X1.txt [ Cookie:home2@adsonar.com/adserving ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MKKN9TG5.txt [ Cookie:home2@de.sitestat.com/laola1/hsv-tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornleaks[1].txt [ Cookie:home2@pornleaks.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGTDKA9Y.txt [ Cookie:home2@gayadultblog.com/blog/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4XOC1612.txt [ Cookie:home2@gay.schwulen-sex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WP1FP904.txt [ Cookie:home2@xxx.gaynet.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@clicks.pangora[1].txt [ Cookie:home2@clicks.pangora.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBLU0JD5.txt [ Cookie:home2@pornotubecams.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GHI5GIE.txt [ Cookie:home2@de.sitestat.com/sueddeutscher/stuttgarter-zeitung/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayporn[1].txt [ Cookie:home2@gayporn.tv/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E83XZEMH.txt [ Cookie:home2@pornografish.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.begaysex[1].txt [ Cookie:home2@www.begaysex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAXC0X3M.txt [ Cookie:home2@de.sitestat.com/ndr/ts/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E1US9SSN.txt [ Cookie:home2@alsgaypornstars.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@baresexymoms[1].txt [ Cookie:home2@baresexymoms.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bshg.122.2o7[1].txt [ Cookie:home2@bshg.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2HBID51.txt [ Cookie:home2@banners.bookofsex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YSOMU1KE.txt [ Cookie:home2@hotdawgsgaysex.bestmalediaries.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELEQNLHR.txt [ Cookie:home2@track.gridlockparadise.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8KIU39W0.txt [ Cookie:home2@urbia.wwe-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U2MTDD79.txt [ Cookie:home2@aok.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9HTHOXRT.txt [ Cookie:home2@findfreegaymovies.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WL09M0ZY.txt [ Cookie:home2@server.adform.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3KR7PI2.txt [ Cookie:home2@sexpartnerclub.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YCZWNLI.txt [ Cookie:home2@sexhoundlinks.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MV1V9VWA.txt [ Cookie:home2@lpa.trackfox2.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5ARJJO3.txt [ Cookie:home2@usatoday1.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\APYHHOTE.txt [ Cookie:home2@adserver2.exgfnetwork.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexinyourcity[1].txt [ Cookie:home2@www.sexinyourcity.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LP3RVMFO.txt [ Cookie:home2@phoenixxx.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB5653SK.txt [ Cookie:home2@sextubespot.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PLR3H0PH.txt [ Cookie:home2@cofidis2.solution.weborama.fr/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YW1USGHL.txt [ Cookie:home2@track.senzapudore.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L330TK2I.txt [ Cookie:home2@histats.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dmtracker[1].txt [ Cookie:home2@dmtracker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FT909SEQ.txt [ Cookie:home2@content.yieldmanager.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5HML2V5J.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1072716437/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LA3N9JWL.txt [ Cookie:home2@anrtx.tacoda.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G0DCKNO.txt [ Cookie:home2@h.atdmt.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GN34DZ5.txt [ Cookie:home2@amazon-adsystem.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MET80BS5.txt [ Cookie:home2@quartermedia.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[2].txt [ Cookie:home2@liveperson.net/hc/84267026 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BE4D65J4.txt [ Cookie:home2@openx.jeetyetmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV2OOU2D.txt [ Cookie:home2@gaysexsite.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ATGOL1T8.txt [ Cookie:home2@dkk.traffective-tracking.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1FVAI5L2.txt [ Cookie:home2@ads.audience2media.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XY0SNLO6.txt [ Cookie:home2@mediaplex.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexinyourcity[2].txt [ Cookie:home2@sexinyourcity.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XEFJNIG5.txt [ Cookie:home2@www.porn.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dafuckbook[1].txt [ Cookie:home2@dafuckbook.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CASZ46JR.txt [ Cookie:home2@de.sitestat.com/sport1/softclick/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UY32CSGC.txt [ Cookie:home2@de.sitestat.com/ing-diba/de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6OXVPNFH.txt [ Cookie:home2@www.plehn-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.publicidees[2].txt [ Cookie:home2@tracking.publicidees.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3T8PM60O.txt [ Cookie:home2@liveperson.net/hc/85950269 ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOZ7QX9R.txt [ Cookie:home2@w3counter.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLPR21JJ.txt [ Cookie:home2@go.evolutionmedia.bbelements.com/please/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFI7CO2S.txt [ Cookie:home2@musicmakersexpo.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VJ4BMRI.txt [ Cookie:home2@xxxprivates.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LE7JOZRY.txt [ Cookie:home2@nextag.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4TLDX97O.txt [ Cookie:home2@www.trafficrank.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\07D3O7I1.txt [ Cookie:home2@jeetyetmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKYTO6LW.txt [ Cookie:home2@trackalyzer.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FEO3A497.txt [ Cookie:home2@freesex.com-q.me/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DN12UBDU.txt [ Cookie:home2@superpornorama.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserv.kwick[2].txt [ Cookie:home2@adserv.kwick.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQK2VR0K.txt [ Cookie:home2@sexyell.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Z2IM00X.txt [ Cookie:home2@skydeutschland.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD60VZ9R.txt [ Cookie:home2@clicks.thespecialsearch.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8CP0YN92.txt [ Cookie:home2@stat.fu-berlin.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7EFLL2FD.txt [ Cookie:home2@epicporntube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PDTEL22Y.txt [ Cookie:home2@de.sitestat.com/is24-community/is24-community/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3VN90QUN.txt [ Cookie:home2@4sex4.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SI3F0OGG.txt [ Cookie:home2@www.twifansadnet.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0PQAL71F.txt [ Cookie:home2@moviepilot.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5EW1T5J.txt [ Cookie:home2@adserver.doccheck.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QR7Y6JWM.txt [ Cookie:home2@tribalfusion.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTFVE28L.txt [ Cookie:home2@kundenbereich.plehn-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VYK7S06.txt [ Cookie:home2@ads.gamersmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R4PWZU0R.txt [ Cookie:home2@partners.webmasterplan.com/art/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\N72S9M7R.txt [ Cookie:home2@www.gaypornofilme.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\046QR1XX.txt [ Cookie:home2@rawfuckclub.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5W8WZ51A.txt [ Cookie:home2@adulttextstories.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHWQ1BXZ.txt [ Cookie:home2@adinterax.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW4R9C6D.txt [ Cookie:home2@menofporn.dreamhosters.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\00KR3DKH.txt [ Cookie:home2@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VZ6FGH3.txt [ Cookie:home2@www.news4adults.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZI9JRI3.txt [ Cookie:home2@theblogofsex.blogspot.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CH13T27F.txt [ Cookie:home2@gayporngossip.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OOVSK6IC.txt [ Cookie:home2@fidelity.rotator.hadj7.adjuggler.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OULL7ZKS.txt [ Cookie:home2@machofucker.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IU6T0D9X.txt [ Cookie:home2@geobanner.sexfinder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\82FLFT8A.txt [ Cookie:home2@plehn-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KJ0K7IL.txt [ Cookie:home2@e2.emediate.se/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4U4KY0IT.txt [ Cookie:home2@banners.mennation.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OKLGUIA.txt [ Cookie:home2@gaypornotubexxx.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5VVSVR2X.txt [ Cookie:home2@a.banner.t-online.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SKL23ZNF.txt [ Cookie:home2@www.pornme.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PAZA41Y.txt [ Cookie:home2@www.traffective-tracking.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMRYSN3K.txt [ Cookie:home2@adserver.wolterskluwer.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\53VK6T22.txt [ Cookie:home2@berlinpornblog.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSPI7S2I.txt [ Cookie:home2@adformdsp.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELNTQ3PS.txt [ Cookie:home2@pornyep.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4C8YITXI.txt [ Cookie:home2@adnetwork.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y0B73C5X.txt [ Cookie:home2@publishers.domainadvertising.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWL41JLQ.txt [ Cookie:home2@trafficjunky.xtube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTX4CB6O.txt [ Cookie:home2@bwr-media.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2EKSHW3D.txt [ Cookie:home2@libri.112.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QTRT8E2C.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1056095806/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHJBA2RL.txt [ Cookie:home2@tracking.dc-storm.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E7EJYBXE.txt [ Cookie:home2@accessbuch.tripod.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YR7T4I0R.txt [ Cookie:home2@gaypornpolice.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IE5E6FRZ.txt [ Cookie:home2@lucidmedia.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPI7W285.txt [ Cookie:home2@adtech.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCX42D87.txt [ Cookie:home2@fr.sitestat.com/jpg/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NAB5HLJK.txt [ Cookie:home2@accounts.google.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E3YJ1F1C.txt [ Cookie:home2@fastclick.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\25J8338B.txt [ Cookie:home2@static.unister-adservices.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L3XP7HZM.txt [ Cookie:home2@unister-adservices.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSF1G1K1.txt [ Cookie:home2@www.tnaflix.com/hardcore-porn/Gay-Men-Fucking/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O344H9Y5.txt [ Cookie:home2@tracking.hostgator.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3NRFJ5Z.txt [ Cookie:home2@geobanner.xxxgaymatch.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9YSO1RUC.txt [ Cookie:home2@stats.messe-fn.de/piwik/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F08DDISU.txt [ Cookie:home2@hotgaysextube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GKJPTCDZ.txt [ Cookie:home2@torstardigital.122.2o7.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EGENNTO8.txt [ Cookie:home2@adserver.adreactor.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\18ZXC61N.txt [ Cookie:home2@www.sexkiste.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\57QW116T.txt [ Cookie:home2@homemadesextube.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7QM8VHCR.txt [ Cookie:home2@2mdn.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSIDM0NV.txt [ Cookie:home2@server.adformdsp.net/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\008U46CF.txt [ Cookie:home2@panzertraffic.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z55AR1KX.txt [ Cookie:home2@de.sitestat.com/ndr/ardsport/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XG08O5WU.txt [ Cookie:home2@filmpornohard.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV1FAOBE.txt [ Cookie:home2@violent.musicmakersexpo.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SN53X3SQ.txt [ Cookie:home2@ad6media.fr/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2N0Q9QQ7.txt [ Cookie:home2@www.gayrealityporn.com/xcart ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GA5XKR6B.txt [ Cookie:home2@tripod.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QWK7R02.txt [ Cookie:home2@webstats.online-spendensysteme.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9MAYDB0.txt [ Cookie:home2@horyzon-media.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQGFMFMU.txt [ Cookie:home2@banners.sexfinder.com/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLHOJ7O8.txt [ Cookie:home2@medianac.nacamar.de/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y3YZ1Y00.txt [ Cookie:home2@loadxxx.co.uk/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SF729U1V.txt [ Cookie:home2@www.gaybarebackpornmovies.com/dispatcher/ajax/ ]
C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\66HTLUL1.txt [ Cookie:home2@2o7.net/ ]
C:\USERS\HOME2\Cookies\5VQ5SM3M.txt [ Cookie:home2@smartadserver.com/ ]
C:\USERS\HOME2\Cookies\home2@acronis.122.2o7[1].txt [ Cookie:home2@acronis.122.2o7.net/ ]
C:\USERS\HOME2\Cookies\K1I2GVAM.txt [ Cookie:home2@doubleclick.net/ ]
C:\USERS\HOME2\Cookies\Y0SM0BZF.txt [ Cookie:home2@ich.adscale.de/adserver-ich/ ]
C:\USERS\HOME2\Cookies\home2@lxtraffic[2].txt [ Cookie:home2@lxtraffic.com/ ]
C:\USERS\HOME2\Cookies\O94OVK0U.txt [ Cookie:home2@revsci.net/ ]
C:\USERS\HOME2\Cookies\home2@de.sitestat[2].txt [ Cookie:home2@de.sitestat.com/sport1/sport1-de/ ]
C:\USERS\HOME2\Cookies\ZAPBYP92.txt [ Cookie:home2@ad4.adfarm1.adition.com/ ]
C:\USERS\HOME2\Cookies\EL0RVHKX.txt [ Cookie:home2@ad.adnet.de/ ]
C:\USERS\HOME2\Cookies\HEM6URWT.txt [ Cookie:home2@adform.net/ ]
C:\USERS\HOME2\Cookies\8DJ7IIL2.txt [ Cookie:home2@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\HOME2\Cookies\XBCVC701.txt [ Cookie:home2@ad2.adfarm1.adition.com/ ]
C:\USERS\HOME2\Cookies\home2@de.sitestat[1].txt [ Cookie:home2@de.sitestat.com/idgcom-de/pcwelt/ ]
C:\USERS\HOME2\Cookies\01A0PKNE.txt [ Cookie:home2@specificclick.net/ ]
C:\USERS\HOME2\Cookies\FP383K2R.txt [ Cookie:home2@eas.apm.emediate.eu/ ]
C:\USERS\HOME2\Cookies\A43WX29G.txt [ Cookie:home2@atdmt.com/ ]
C:\USERS\HOME2\Cookies\QF8N2N6V.txt [ Cookie:home2@www.zanox-affiliate.de/ ]
C:\USERS\HOME2\Cookies\SGEHC50S.txt [ Cookie:home2@traffictrack.de/ ]
C:\USERS\HOME2\Cookies\M75CC8KA.txt [ Cookie:home2@im.banner.t-online.de/ ]
C:\USERS\HOME2\Cookies\D3RK9JL4.txt [ Cookie:home2@perf.overture.com/ ]
C:\USERS\HOME2\Cookies\E2QCV5C3.txt [ Cookie:home2@track.adform.net/ ]
C:\USERS\HOME2\Cookies\home2@tracking.mindshare[1].txt [ Cookie:home2@tracking.mindshare.de/ ]
C:\USERS\HOME2\Cookies\SUUN43TT.txt [ Cookie:home2@de.sitestat.com/ndr/tagesschau/ ]
C:\USERS\HOME2\Cookies\home2@advertising[1].txt [ Cookie:home2@advertising.com/ ]
C:\USERS\HOME2\Cookies\9PUCYC1X.txt [ Cookie:home2@xiti.com/ ]
C:\USERS\HOME2\Cookies\B1ZH271B.txt [ Cookie:home2@tradedoubler.com/ ]
C:\USERS\HOME2\Cookies\IDI5T9D6.txt [ Cookie:home2@de.sitestat.com/ndr/ ]
C:\USERS\HOME2\Cookies\68N8B7U7.txt [ Cookie:home2@apmebf.com/ ]
C:\USERS\HOME2\Cookies\home2@www.etracker[1].txt [ Cookie:home2@www.etracker.de/ ]
C:\USERS\HOME2\Cookies\L3TSK0VG.txt [ Cookie:home2@zanox-affiliate.de/ ]
C:\USERS\HOME2\Cookies\home2@statse.webtrendslive[1].txt [ Cookie:home2@statse.webtrendslive.com/ ]
.microsoftinternetexplorer.112.2o7.net [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww251.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Trojan.Agent/Gen-Patchload
C:\WINDOWS\INSTALLER\{90A40407-6000-11D3-8CFE-0150048383C9}\MISC.EXE
11. Online Scanner Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fd2b81a8d07a3b489c4d44d41c1af3ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-10 10:28:33
# local_time=2012-07-11 12:28:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 364096 7178002 0 0
# compatibility_mode=5893 16776574 66 85 37183132 93582356 0 0
# compatibility_mode=8192 67108863 100 0 109 109 0 0
# scanned=345275
# found=5
# cleaned=5
# scan_time=6806
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Home2\AppData\Local\Temp\NOD5D81.tmp a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\Home2\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
OTL.txt und Extras.txt al gezipte datei im Anhanh. Der Platz hier im Thread reicht nicht mehr aus. Ich konnte wegen Zeitmangels das Sytem noch nicht ausreichend testen. Ich hole es in Kürze nach und melde mich dann. Nochmals herzlichen Dank und viele Grüße Harald |
|
11.07.2012, 09:29
| #6 |
| /// Helfer-Team | GVU Trojaner und jetzt? ** Lass dein System ein paar Tage noch unter Beobachtung, dann melde dich wieder und berichte
__________________ --> GVU Trojaner und jetzt? |
|
19.07.2012, 16:47
| #7 |
| |  GVU Trojaner und jetzt? Hallo Kira, zwischenzeitlich sind 8 Tage vergangen und es sind keine Probleme mehr aufgetreten. Ich nehme an, dass das System wieder "sauber" ist. Ich habe McAfee schon seit einigen Jahren als Antivirenprogramm im Einsatz und werde auch regelmäßig mit Updates versorgt. Das gleiche gilt für die Microsoft-Produkte (Windows, Office..). Die Meldung "Ihr System ist sicher" scheint wohl nicht (mehr) zu stimmen. Was ist aus Deiner Sicht - außer den schon genannten Tipps - noch erforderlich, um das System sicherer zu machen? Vielen herzlichen Dank für Deine Bemühungen!!!  Viele Grüße Harald |
|
| Themen zu GVU Trojaner und jetzt? |
| adobe, alternate, autorun, babylon toolbar, babylontoolbar, bingbar, canon, conduit, document, error, firefox, flash player, format, glom0, glom0_og.exe, gvu trojaner windows7, home, hängen, iexplore.exe, install.exe, intranet, logfile, microsoft office 2003, microsoft office word, phishing, plug-in, richtlinie, rundll, search the web, searchscopes, security, senden, server, software, starmoney, svchost.exe, taskmanager, temp, temporär, trojaner, usb, wickel, windows, windows xp, wlan |
.
Linear-Darstellung
