Drohung Veröffentlichung von Daten, Accounts und Passwörter auf einschlägigen Hackerseiten

Seppl21 · 02.07.2010, 16:56

Ich habe eben folgende Mail bekommen:

(auflistung privater Daten)

Name, Nachname
Geburtsdatum- ort
Straße
Wohnort
Handynummer
Emailaddresse

Interesse an Kunststoff- und Kautschuktechnik. Mehrere Bewerbungen, intime Nachrichten u.Ä. im Emailpostfach. Kann jederzeit wieder auf ihr Postfach zugreifen, auch wenn sie das Passwort ändern.
Habe vorsichtshalbar ein Backup der ganzen Emailnachrichten erstellt & diese lokal auf dem PC gespeichert.. ziemlich lustige Sachen darin

Steam Account (gebannt):ADDY Passwort: PASSWORT:XXXXX

Auszug einiger Passwörter damit du siehst das ich es ernst mein:
Seiten + PW

Gibt noch viel viel mehr davon.. werde ALLE (inkl. Adresse + Foto + intime Emails + Email einiger relevanten Personen) auf den einschlägigsten Hackerseiten veröffentlicht falls ich die 150PSC nicht zeitgerecht erhalten sollte.
Sie wissen garnicht wieviele Daten, Infos & Passwörter ich noch von ihnen habe.. Wahnsinn.

Foto: hxxp://www.imagebanana.com/img/xxxxx

Sonst werden die begabtesten Hacker alle Accounts auf Wert durchforsten & immensen Sachschaden anrichten. Bis hin zu Carding auf ihre/ihr Wohnung/Haus. (Versandhausbetrug etc.)
Passwörter ändern bringt ihnen jetzt auch nichts mehr, da ich diese immer wieder auf ihre Email zurücksetzten lassen kann.

Wie sie schon wissen ( sie hatten schonmal mit Paysafecards zu tun), kann man diese easy an jeder Tanke kaufen.

Die 150€ Paysafecard -Codes (1x 100€ & 1x 50€) an:
martin.dietrich11@web.de
(anonyme email / sitzte hinter Servern die die IP's nicht loggen. Bin nicht zurückverfolgbar. )
Ich gebe ihnen bis morgen Abend 21Uhr Zeit.
Wenn ich die Codes rechtzeitig bekomme werden alle relevanten Daten gelöscht & ihr Emailpostfach wieder von meiner Beschränkung aufgehoben. Ich gebe ihnen diese Chance.
- Falls nicht, wissen sie ja was passiert.

WEB.DE DSL ab 19,99 Euro/Monat. Bis zu 150,- Euro Startguthaben und
50,- Euro Geldprämie inklusive! https://freundschaftswerbung.web.de

----------------------------------------------------------------------

Jemand hat sich Zugang zu meinen PC verschafft und alle PW meines Browsers ausgelesen, in denen Zugang zu diversen Seiten habe. Desweiteren muss er Zugang zum PC bekommen, sonst wäre er nicht an Steam PW gelangt. Die Addressen hat er durch die Bewerbungen erhalten.

Derzeit lass ich Avira laufen, sowie online virenscanner und sykbot search und destroy.

Folgender hijacki-log wurde ausgewertet:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:31, on 02.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe
C:\Windows\SysWOW64\Atray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
D:\Internet\Internet Programme\firefox.exe
D:\Internet\Internet Programme\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
D:\Internet\Internet Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Users\Seppl\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von 1&1 Internet AG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [atray] atray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe"  MODE="update"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S3B50.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\Seppl\AppData\Local\Temp\E_SD444.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [ICQ] "D:\Internet\Internet Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: 1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe
O4 - Startup: Microsoft.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\ClickPotatoLiteSABHO.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: IEConfig 1und1 Edition (serviceIEConfig) - Unknown owner - C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14182 bytes

--- --- ---

-------------------------------------------------------------------------

Ich hoffe ihr könnt mir schleungist helfen -werde jetzt auf einen anderen Rechner PW - ändern.

Danke

Larusso · 02.07.2010, 17:12

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Zu allererst, Ruhe bewaren. Anscheinend ne neue Masche damit du auf einen Link klickst. Hoffe nicht getan. Passwörter jedenfalls einmal ändern.

Schritt 2

Brich alle Scans die gerade laufen ab, sollten erstens sowieso der Reihe nach und nicht auf einmal gemacht werden.

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
MBAM Log
OTL.txt
Extras.txt

Kujao · 02.07.2010, 19:19

nebenbei als tip auch die polizei natürlich einschalten meiner meinung nach weil das is kein kleikrams mehr und selbst wenn er hinter 7 proxy sitz kann man sowas zurückverfolgen kann aber einige zeit dauern :S

und fals die polizei eingeschaltet wird gib ihm die psc und schau mal dann mit dem code wo er eingekauft hat was er damit vorhat etc diese sachen nämlich können IMMER zurück verfolgt werden

Seppl21 · 02.07.2010, 20:22

Ersteinmal herzlichsten Dank für die Hilfestellung und den angepriesenden Lösungsweg.

Nun ich habe jetzt 3h damit verbracht, allein nur meine sämmlichen Pässwörter auf dem Laptop meines Bruders zu ändern und habe mich dann an deine Schritte gehalten. Bei der Beurteilung meines PCs kann ich nicht viel sagen, mein PC ist mit guter Hardewar bestückt und ich habe ein DSL 6000 Zugang. Ein merkbarer Leistungsunterschied war so also nicht zu erkennen. Ich bin mir ziemlich sicher, dass ich bei beim Besuch einer Seite und der entsprechenden Datei spy.exe, mir diesen Trojaner und den Rest eingeholt habe. Bei dem ausführen der zwei Programme wurden etliche Störungen gemeldet, die offenbar gelöst wurden. Aber siehe selbst den Log:

Zitat:

Zitat von MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4268

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.07.2010 20:55:17
mbam-log-2010-07-02 (20-55-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133897
Laufzeit: 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 31
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 3
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Packet.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\wpcap.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

sowie

[QUOTE=OTL TXT]OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.07.2010 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 6,17 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,41 Gb Free Space | 17,62% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 78,20 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://googleal.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.01 21:17:51 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.06.29 14:36:02 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.15 12:25:06 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.02 17:31:03 | 000,411,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 14217 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll⤀ File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] C:\Windows\SysWow64\Atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.05.21 01:34:59 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.05.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.05.06 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\GTA 4
[2010.05.06 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Games for Windows - LIVE Demos
[2010.05.06 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Rockstar Games
[2010.05.06 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Rockstar Games
[2010.05.06 16:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.06 13:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.05.06 13:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.05.06 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.04.29 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\DivX
[2010.04.26 09:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.23 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.04.23 22:22:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\TechSmith
[2010.04.23 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Camtasia Studio
[2010.04.23 22:19:59 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.04.23 22:19:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.04.23 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.04.23 22:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.17 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.13 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010.04.13 15:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010.04.13 15:53:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010.04.13 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\vlc
[2010.04.13 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\capale
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.02 21:04:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 21:04:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 20:58:12 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.02 20:57:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.02 20:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.02 20:57:16 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.02 20:56:32 | 003,009,921 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 17:31:03 | 000,411,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 14:26:29 | 000,353,245 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:47:13 | 003,188,218 | ---- | M] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:03:44 | 001,109,863 | ---- | M] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:32:22 | 000,942,989 | ---- | M] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:50:22 | 000,698,518 | ---- | M] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.23 22:22:31 | 000,278,297 | ---- | M] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 22:22:15 | 032,468,309 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:59:10 | 001,337,677 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:58:16 | 001,307,057 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:46:16 | 000,635,682 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:43:28 | 002,216,463 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:42:51 | 002,140,608 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:41:29 | 001,921,356 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 14:09:05 | 000,042,611 | ---- | M] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:40 | 000,790,899 | ---- | M] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:11 | 000,405,657 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:40:08 | 000,447,308 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:21 | 000,044,534 | ---- | M] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:30 | 000,044,895 | ---- | M] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:58 | 000,045,654 | ---- | M] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:45 | 000,172,521 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:39 | 000,155,677 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:56 | 000,163,132 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:48 | 000,156,016 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:45 | 000,152,619 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:25 | 000,863,020 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:36:22 | 000,919,248 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:36 | 000,245,600 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:18 | 000,301,357 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | M] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 17:15:03 | 035,708,948 | ---- | M] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:55:01 | 003,261,586 | ---- | M] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | M] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:47:05 | 005,378,683 | ---- | M] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:46:47 | 003,909,556 | ---- | M] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:46:38 | 003,512,495 | ---- | M] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:49:23 | 003,358,566 | ---- | M] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.23 22:23:47 | 013,652,197 | ---- | M] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.14 13:04:17 | 000,000,613 | ---- | M] () -- C:\Windows\win.ini
[2010.04.13 22:39:35 | 000,000,036 | -H-- | M] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:38:10 | 018,499,623 | ---- | M] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.04 11:12:27 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.06.03 14:26:21 | 000,353,245 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:45:46 | 003,188,218 | ---- | C] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:01:20 | 001,109,863 | ---- | C] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:25:58 | 000,942,989 | ---- | C] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:47:54 | 000,698,518 | ---- | C] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.25 00:17:07 | 000,030,953 | ---- | C] () -- C:\Users\Seppl\Desktop\James CMC xD.JPG
[2010.05.23 22:22:28 | 000,278,297 | ---- | C] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 21:43:25 | 032,468,309 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:56:29 | 001,337,677 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:56:15 | 001,307,057 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:45:39 | 000,635,682 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:40:30 | 002,216,463 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:39:21 | 002,140,608 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:38:48 | 001,921,356 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 17:41:33 | 000,042,611 | ---- | C] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:34 | 000,790,899 | ---- | C] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:03 | 000,405,657 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:39:57 | 000,447,308 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:19 | 000,044,534 | ---- | C] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:29 | 000,044,895 | ---- | C] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:56 | 000,045,654 | ---- | C] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:42 | 000,172,521 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:36 | 000,155,677 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:54 | 000,163,132 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:45 | 000,156,016 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:42 | 000,152,619 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:02 | 000,863,020 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:35:58 | 000,919,248 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:31 | 000,245,600 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:11 | 000,301,357 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | C] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 16:54:33 | 035,708,948 | ---- | C] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:28:34 | 003,261,586 | ---- | C] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | C] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:44:17 | 005,378,683 | ---- | C] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:44:17 | 003,909,556 | ---- | C] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:44:17 | 003,512,495 | ---- | C] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:47:15 | 003,358,566 | ---- | C] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.23 22:21:33 | 013,652,197 | ---- | C] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.04.13 22:39:35 | 000,000,036 | -H-- | C] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:36:21 | 018,499,623 | ---- | C] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.08 06:51:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.04 11:12:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2009.11.07 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1&1
[2010.05.21 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.06.13 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Azureus
[2010.01.17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\CPUControl
[2009.12.21 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DAEMON Tools Lite
[2010.03.04 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DeepBurner
[2010.03.27 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FreeFLVConverter
[2010.04.13 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FrostWire
[2010.07.02 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ICQ
[2010.06.29 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
[2009.11.24 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Leadertech
[2010.03.18 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\LG Electronics
[2010.04.23 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.03.28 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\TeamViewer
[2009.11.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Uniblue
[2009.11.09 12:40:35 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Win7codecs
[2010.06.27 08:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

--- --- ---

Seppl21 · 02.07.2010, 20:24

sowie Extras.txt. Sorry für den Doppelpost

[QUOTE=Extras.txt]
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 02.07.2010 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 6,17 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,41 Gb Free Space | 17,62% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 78,20 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Win7x64 Components_is1" = Win7x64 Components v1.2.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1&1 EasyLogin" = 1&1 EasyLogin
"1STFREE_is1" = 1st Free Solitaire 1.7.1
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPU-Control_is1" = CPU-Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FrostWire" = FrostWire 4.20.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007-Testversion
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 410" = Portal: The First Slice
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2010 09:54:06 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:27 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:59 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2010 08:52:26 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm xBBrowser.exe, Version 2.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 914    Startzeit: 
01cb152e542fedc7    Endzeit: 0    Anwendungspfad: D:\Programme\Nützliche Tools\XB Browser\XeroBank\xBBrowser.exe

Berichts-ID:
   
 
Error - 27.06.2010 18:26:12 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce533  Name des fehlerhaften Moduls: PresenceIM.dll, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce51e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000104a9  ID des fehlerhaften
 Prozesses: 0x1770  Startzeit der fehlerhaften Anwendung: 0x01cb1647bf925025  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll
Berichtskennung:
 fd9b15c8-823a-11df-a068-4061862e2a88
 
Error - 29.06.2010 08:33:23 | Computer Name = Seppl-PC | Source = MsiInstaller | ID = 11704
Description = 
 
Error - 29.06.2010 08:36:18 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x1818  Startzeit der fehlerhaften Anwendung: 0x01cb17874a8f2411  Pfad der
 fehlerhaften Anwendung: D:\Internet\Internet Programme\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e9aa52c9-837a-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:28 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EFLC.exe, Version: 1.1.1.0, Zeitstempel:
 0x4bb19157  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000264  Fehleroffset: 0x000a1c92  ID des fehlerhaften Prozesses:
 0x560  Startzeit der fehlerhaften Anwendung: 0x01cb17910a638725  Pfad der fehlerhaften
 Anwendung: E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a097c04c-8388-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:53 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm EFLC.exe, Version 1.1.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 560    Startzeit: 
01cb17910a638725    Endzeit: 591    Anwendungspfad: E:\Grand Theft Auto IV - Episodes From
 Liberty City\EFLC.exe    Berichts-ID:   
 
Error - 02.07.2010 03:48:00 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm services.exe, Version 1.3.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 810    Startzeit: 
01cb19ba71e929e5    Endzeit: 0    Anwendungspfad: C:\Program Files\Internet Explorer\services.exe

Berichts-ID:
 c680e1d7-85ad-11df-8b76-4061862e2a88  
 
[ System Events ]
Error - 03.05.2010 18:30:10 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 04.05.2010 04:05:56 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 04.05.2010 20:15:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 02:24:29 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 05.05.2010 03:26:43 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 04:41:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 05.05.2010 19:55:04 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 06.05.2010 04:41:38 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 06.05.2010 07:38:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 06.05.2010 07:38:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >

--- --- ---

lg

Seppl

Larusso · 02.07.2010, 20:42

Mir fehlt noch die Extras.txt

Da es sich um ein 64 bit System handelt, bin ich mit Remover Tools sehr eingeschränkt.

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
[2010.06.29 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O4 - HKLM..\Run: []  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.05.15 12:25:06 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.06.29 14:36:02 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
:files
C:\Program Files (x86)\Vuze_Remote
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Grundreinigung mit SUPERAntiSpyware

Bitte lade Dir SUPERAntiSpyware FREE Edition herunter.
Das Programm ist geeignet für: Windows 98, 98SE, ME, 2000, 2003, XP und Vista.
Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Eine bebilderte Anleitung findest Du hier.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

Schritt 3

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Schritt 4

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
OTLFix.log
SASW Log
ESET log
OTL.txt
Berichte wie der Rechner läuft

Seppl21 · 03.07.2010, 00:28

Also die Extras.txt habe ich doch in meinen letzten, also zweiten Posting erwähnt

Zitat:

Zitat von SASW.log

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/03/2010 at 00:13 AM

Application Version : 4.40.1002

Core Rules Database Version : 5150
Trace Rules Database Version: 2962

Scan type : Complete Scan
Total Scan Time : 00:35:24

Memory items scanned : 596
Memory threats detected : 0
Registry items scanned : 14685
Registry threats detected : 0
File items scanned : 45773
File threats detected : 465

Adware.Tracking Cookie
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@oberon-media[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@cts.zroitracker[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@cts.metricsdirect[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atdmt[4].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@overture[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@media.licenseacquisition[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@2o7[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@content.yieldmanager[4].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adtech[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@clicks.emarketmakers[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@weborama[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@www.sexcam-livecam[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@content.licenseacquisition[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atwola[4].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@msnportal.112.2o7[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ads.creative-serving[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@serving-sys[5].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@revsci[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adfarm1.adition[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@trafficmp[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@gamecenter.oberon-media[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ar.atwola[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@collective-media[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@paysafecardgroup.122.2o7[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@bs.serving-sys[4].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@bs.serving-sys[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@himedia.individuad[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@tradedoubler[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@serving-sys[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@adtech[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@adfarm1.adition[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@doubleclick[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@atdmt[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\Low\seppl@msnportal.112.2o7[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@content.yieldmanager[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@bs.serving-sys[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@track.adform[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ad.yieldmanager[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@content.yieldmanager[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atdmt[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ww251.smartadserver[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ads.bootcampmedia[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atdmt[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@serving-sys[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@counter.top.chebra[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adserver.terahost[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@clickandbuy[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@weborama[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@sevenoneintermedia.112.2o7[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@2o7[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@serving-sys[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adserver2.clipkit[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adbrite[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@msnportal.112.2o7[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@content.yieldmanager[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ad.yieldmanager[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@xm.xtendmedia[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atwola[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adtech[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@questionmarket[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@atwola[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@oberon-media[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@adfarm1.adition[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ad.adition[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@ad.adnet[1].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@www.windowsmedia[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@bs.serving-sys[3].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@gamecenter.oberon-media[2].txt
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Cookies\seppl@serving-sys[3].txt
.himedia.individuad.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ads.youporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.zanox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.zanox-affiliate.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.vodafonegroup.122.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
creatives.commindo-media.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.youporn.videobox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.xiti.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adx.chip.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adx.chip.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.sevenload.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.adreactor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.atwola.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.adserver01.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
creatives.commindo-media.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.mindshare.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
tracking.mindshare.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.yadro.ru [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver2.clipkit.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.sevenoneintermedia.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www5.addfreestats.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.adform.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver1.mokono.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
zbox.zanox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporn.videobox.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.guj.122.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.zanox-affiliate.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.mindshare.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.unitymedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
s05.flagcounter.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ads1.vtxnet.ch [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.piqs.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.estat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.electronicarts.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
coremetrics.arkadium.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.nike.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stat.vattenfall.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stat.vattenfall.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
blogs.menmedia.co.uk [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporncams.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youporncams.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.sexymetro.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.sexymetro.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.sexymetro.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.sexymetro.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
advertiser.contextmatters.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.account.frogster-online.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tele2de.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.surveymonkey.122.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.adform.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.adform.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.adform.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.adform.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.nhhotelessa.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
c.trafficed.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
d.jambomedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
kursnet-finden.arbeitsagentur.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webredesigner.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.a.revenuemax.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.newsclick.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.newsclick.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.e-2dj6wcl4ehcpkdp.stats.esomniture.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
dfb.stats.yum.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
media.gan-online.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
static.freewebs.getclicky.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
s4.trafficmaxx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.dkvag.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.toplist.cz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.valueclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.finden.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.finden.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.azjmp.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.azjmp.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
piwik.atlantismedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.layermedia-adserver.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.sexcam-livecam.info [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.paysafecardgroup.122.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.gostats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad2.clickhype.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.biz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.biz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clickandbuy.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clickandbuy.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.hardsextube.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.hardsextube.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
1xxx.cqcounter.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.alltubeporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.alltubeporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.eporner.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.eporner.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.secure.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.secure.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
piwik.net4media-typo3.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.hannoversche.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
counter.live4members.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.clickpotato.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.electronic-arts.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webstats4u.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.shinystat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.himedia.individuad.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.fileuploadx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.fileuploadx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
neocounter.neoworx-blog-tools.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]

Trojan.Agent/Gen-Cryptor[Egun]
C:\USERS\SEPPL\DOWNLOADS\PERSONALAUSWEIS.EXE

sowie:

Zitat:

Zitat von ESET.log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ce8a342bef7b7948867c63e173fd53f2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-02 11:24:19
# local_time=2010-07-03 01:24:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 100 731302 53621127 0 0
# compatibility_mode=5893 16776574 100 94 16089009 30515091 0 0
# compatibility_mode=8192 67108863 100 0 145 145 0 0
# scanned=255208
# found=2
# cleaned=2
# scan_time=3639
C:\Program Files\Win7codecs\Tools\settings64.exe Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Seppl\Documents\Azureus Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Seppl21 · 03.07.2010, 00:36

Hier nun die restlichen Logs für dich

[quote=OTL.txt]OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.07.2010 01:30:48 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,26 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2010.06.27 18:57:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\firefox.exe
PRC - [2010.06.27 18:57:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\plugin-container.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.07 08:57:31 | 001,238,352 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2010.04.12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.26 17:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://googleal.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.02 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.02 17:31:03 | 000,411,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 14217 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] C:\Windows\SysWow64\Atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.02 23:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.07.02 23:32:24 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.02 23:22:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.05.21 01:34:59 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.05.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.05.06 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\GTA 4
[2010.05.06 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Games for Windows - LIVE Demos
[2010.05.06 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Rockstar Games
[2010.05.06 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Rockstar Games
[2010.05.06 16:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.06 13:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.05.06 13:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.05.06 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.04.29 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\DivX
[2010.04.26 09:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.23 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.04.23 22:22:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\TechSmith
[2010.04.23 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Camtasia Studio
[2010.04.23 22:19:59 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.04.23 22:19:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.04.23 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.04.23 22:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.17 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.13 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010.04.13 15:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010.04.13 15:53:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010.04.13 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\vlc
[2010.04.13 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\capale
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.03 01:31:02 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.03 00:22:49 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 00:22:49 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 00:15:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.03 00:15:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.03 00:15:29 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.03 00:14:46 | 003,010,893 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.02 23:32:25 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 17:31:03 | 000,411,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 14:26:29 | 000,353,245 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:47:13 | 003,188,218 | ---- | M] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:03:44 | 001,109,863 | ---- | M] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:32:22 | 000,942,989 | ---- | M] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:50:22 | 000,698,518 | ---- | M] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.23 22:22:31 | 000,278,297 | ---- | M] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 22:22:15 | 032,468,309 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:59:10 | 001,337,677 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:58:16 | 001,307,057 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:46:16 | 000,635,682 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:43:28 | 002,216,463 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:42:51 | 002,140,608 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:41:29 | 001,921,356 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 14:09:05 | 000,042,611 | ---- | M] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:40 | 000,790,899 | ---- | M] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:11 | 000,405,657 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:40:08 | 000,447,308 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:21 | 000,044,534 | ---- | M] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:30 | 000,044,895 | ---- | M] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:58 | 000,045,654 | ---- | M] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:45 | 000,172,521 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:39 | 000,155,677 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:56 | 000,163,132 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:48 | 000,156,016 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:45 | 000,152,619 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:25 | 000,863,020 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:36:22 | 000,919,248 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:36 | 000,245,600 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:18 | 000,301,357 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | M] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 17:15:03 | 035,708,948 | ---- | M] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:55:01 | 003,261,586 | ---- | M] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | M] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:47:05 | 005,378,683 | ---- | M] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:46:47 | 003,909,556 | ---- | M] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:46:38 | 003,512,495 | ---- | M] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:49:23 | 003,358,566 | ---- | M] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.23 22:23:47 | 013,652,197 | ---- | M] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.14 13:04:17 | 000,000,613 | ---- | M] () -- C:\Windows\win.ini
[2010.04.13 22:39:35 | 000,000,036 | -H-- | M] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:38:10 | 018,499,623 | ---- | M] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.04 11:12:27 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2010.07.02 23:32:25 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.06.03 14:26:21 | 000,353,245 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:45:46 | 003,188,218 | ---- | C] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:01:20 | 001,109,863 | ---- | C] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:25:58 | 000,942,989 | ---- | C] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:47:54 | 000,698,518 | ---- | C] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.25 00:17:07 | 000,030,953 | ---- | C] () -- C:\Users\Seppl\Desktop\James CMC xD.JPG
[2010.05.23 22:22:28 | 000,278,297 | ---- | C] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 21:43:25 | 032,468,309 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:56:29 | 001,337,677 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:56:15 | 001,307,057 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:45:39 | 000,635,682 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:40:30 | 002,216,463 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:39:21 | 002,140,608 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:38:48 | 001,921,356 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 17:41:33 | 000,042,611 | ---- | C] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:34 | 000,790,899 | ---- | C] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:03 | 000,405,657 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:39:57 | 000,447,308 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:19 | 000,044,534 | ---- | C] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:29 | 000,044,895 | ---- | C] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:56 | 000,045,654 | ---- | C] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:42 | 000,172,521 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:36 | 000,155,677 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:54 | 000,163,132 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:45 | 000,156,016 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:42 | 000,152,619 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:02 | 000,863,020 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:35:58 | 000,919,248 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:31 | 000,245,600 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:11 | 000,301,357 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | C] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 16:54:33 | 035,708,948 | ---- | C] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:28:34 | 003,261,586 | ---- | C] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | C] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:44:17 | 005,378,683 | ---- | C] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:44:17 | 003,909,556 | ---- | C] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:44:17 | 003,512,495 | ---- | C] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:47:15 | 003,358,566 | ---- | C] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.23 22:21:33 | 013,652,197 | ---- | C] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.04.13 22:39:35 | 000,000,036 | -H-- | C] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:36:21 | 018,499,623 | ---- | C] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.08 06:51:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.04 11:12:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2009.11.07 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1&1
[2010.05.21 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.06.13 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Azureus
[2010.01.17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\CPUControl
[2009.12.21 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DAEMON Tools Lite
[2010.03.04 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DeepBurner
[2010.03.27 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FreeFLVConverter
[2010.04.13 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FrostWire
[2010.07.02 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ICQ
[2009.11.24 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Leadertech
[2010.03.18 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\LG Electronics
[2010.04.23 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.03.28 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\TeamViewer
[2009.11.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Uniblue
[2009.11.09 12:40:35 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Win7codecs
[2010.06.27 08:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Zitat:

Zitat von OTLFix.log

All processes killed
========== OTL ==========
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl\CamSpy V2.3 Installer\2.3.0.0 folder moved successfully.
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl\CamSpy V2.3 Installer folder moved successfully.
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\tbVuze.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
Prefs.js: "hxxp://search.babylon.com/home" removed from browser.startup.homepage
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll not found.
========== FILES ==========
C:\Program Files (x86)\Vuze_Remote folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Seppl
->Temp folder emptied: 2506062 bytes
->Temporary Internet Files folder emptied: 44688488 bytes
->Java cache emptied: 647180 bytes
->FireFox cache emptied: 148462104 bytes
->Flash cache emptied: 1809 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 11165968833 bytes

Total Files Cleaned = 10.836,00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 07022010_232254

Files\Folders moved on Reboot...
C:\Users\Seppl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Heike · 03.07.2010, 06:04

Zitat:

C:\Users\Seppl\Documents\Azureus Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

da sieht man es mal wieder, man sollte die Hände von Cracks lassen.

Normalerweise gilt in solchen Fällen: Neuaufsetzen des PC.

Larusso · 03.07.2010, 08:20

Och Heike, ist doch nur ne ToolBar

Kaspersky Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
Java muss installiert, aktiv und erlaubt sein.
Bebilderte Anleitung von sundavis.
Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.

Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Die Datenschutzerklärung akzeptieren.
Programm installieren lassen.
Update der Signaturen installieren lassen.
Wenn der Status "Complete" ist,
Scan-Einstellungen (Settings) Standard lassen
Links den Link "My Computer" anklicken.
Scan beginnt automatisch.
Wenn der Scan fertig ist, auf "View scan report" klicken,
"Save report as" und Dateityp auf .txt umstellen,
und auf dem Desktop als Kaspersky.txt speichern.
Logdatei hier posten.
Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

Schritt 2

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
Kaspersky.txt
OTL.txt
Extras.txt

Heike · 03.07.2010, 08:51

Zitat:

Zitat von Larusso

Och Heike, ist doch nur ne ToolBar

hmmm, egal was es in diesem Fall ist, er mag Cracks.

Und da ist es eben so: wer mit dem Feuer spielt kann sich auch mal verbrennen.

Aus meiner Sicht: verdient er auch, kein Mitleid.

Seppl21 · 03.07.2010, 09:57

Ich erwarte kein Mitleid und bin über jede freundliche Hilfe sehr dankbar.
Nun, der Log von Kaspersky dauert etwas, denn bin erst bei 14% und es läuft schon knapp eine Stunde :-)

lg Seppl

Hacker · 03.07.2010, 10:04

@TO
Kurze Frage: Ist der Rechener von deinem Bruder 100% sauber?
Ansonsten würde ich die Passwörter am besten über eine Knoppix live DVD ändern.
Ist sicherer.

@Heike

Zitat:

er mag Cracks.

Wer mag sie nicht? Sie sind doch so schön knusprig

Heike · 03.07.2010, 10:11

@Hacker
wer Cracks mag sollte damit umgehen können, und dann nicht zum Heulen auftauchen.
Wie gesagt: wer mit dem Teufel spielt kann sich auch mal verbrennen.

Seppl21 · 03.07.2010, 10:30

Zitat:

Zitat von Hacker

@TO
Kurze Frage: Ist der Rechener von deinem Bruder 100% sauber?
Ansonsten würde ich die Passwörter am besten über eine Knoppix live DVD ändern.
Ist sicherer.
[...]

Ja das haben wir danach auch festgestellt, da wir so eine DVD haben. Doch auch wenn es sicherer ist, hatten wir genug Sicherheitsvorkehrungen (Internet auf Hauptrechner trennen, Netzwerkfreigaben und ähnliches ausstellen, getroffen. Da das ein alter Laptop war und er gar nicht zu der Zeit lief, hätte auch in der Zwischenzeit kein Trojaner darauf Platz finden können)

Da die Passwörter inzwischen schon komplett geändert wurden, brauchen wir uns darüber nun auch keine Gedanken mehr zu machen.

Zitat:

Zitat von Heike

@Hacker
wer Cracks mag sollte damit umgehen können, und dann nicht zum Heulen auftauchen.
Wie gesagt: wer mit dem Teufel spielt kann sich auch mal verbrennen.

Ich weiß nicht wie alt du bist, doch dein Niveau lässt wirklich zu wünschen übrig. Ich habe in den Forum nach Hilfe gesucht und habe sie auch bekommen, dafür ist es ja da. Wenn jeder, der hier ungewollt, oder fahrlässig angegriffen wurde und sich beraten lässt, schon deiner Meinung nach "als heulend" bezeichnest, solltest du dir mal ein Kniggebuch zulegen.

Ich bitte zudem solchen Off Topic zu lassen und sich dem Thread zu widmen.
Die entsprechenden Logs werden in kürze hier gepostet. Noch einmal herzlichsten Dank an Larusso.

lg

Seppl

Drohung Veröffentlichung von Daten, Accounts und Passwörter auf einschlägigen Hackerseiten

Log-Analyse und Auswertung: Drohung Veröffentlichung von Daten, Accounts und Passwörter auf einschlägigen Hackerseiten