Trojaner-Board


Seppl21 02.07.2010 16:56

Threat to publish data, accounts and passwords on notorious hacker sites
 
I just received the following e-mail:

(list of private data)

First name, last name
Date and place of birth
Street
Place of residence
Mobile number
E-mail address

Interest in plastics and rubber technology. Several job applications, intimate messages and the like in the e-mail inbox. Can access your mailbox again at any time, even if you change the password.
As a precaution I have made a backup of all the e-mail messages & saved it locally on the PC.. pretty funny stuff in there ;)

Steam account (banned): ADDY Password: PASSWORD:XXXXX


Excerpt of some passwords so that you see I am serious:
Sites + PW


There are many, many more of them.. ALL of them (incl. address + photo + intimate e-mails + e-mail of some relevant persons) will be published on the most notorious hacker sites if I do not receive the 150PSC in time.
You have no idea how much data, info & passwords of yours I still have.. insane.

Photo: hxxp://www.imagebanana.com/img/xxxxx

Otherwise the most talented hackers will comb through all accounts for value & cause immense property damage. Up to and including carding to your apartment/house. (Mail-order fraud etc.)
Changing passwords will not help you now either, since I can always have them reset to your e-mail again.

As you already know (you have dealt with Paysafecards before), these can easily be bought at any petrol station.

The 150€ Paysafecard codes (1x 100€ & 1x 50€) to:
martin.dietrich11@web.de
(anonymous e-mail / sitting behind servers that do not log IPs. I am not traceable.)
I give you until tomorrow evening, 21:00.
If I receive the codes in time, all relevant data will be deleted & my restriction on your e-mail mailbox lifted. I am giving you this chance.
- If not, you know what will happen.



----------------------------------------------------------------------

Someone has gained access to my PC and read out all the passwords from my browser with which I have access to various sites. Furthermore, he must have gained access to the PC, otherwise he would not have got hold of the Steam password. He got the addresses from the job applications.

I am currently running Avira, as well as online virus scanners and Spybot Search & Destroy.

The following HijackThis log was evaluated:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:31, on 02.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe
C:\Windows\SysWOW64\Atray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
D:\Internet\Internet Programme\firefox.exe
D:\Internet\Internet Programme\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
D:\Internet\Internet Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Users\Seppl\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von 1&1 Internet AG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [atray] atray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe"  MODE="update"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S3B50.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\Seppl\AppData\Local\Temp\E_SD444.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [ICQ] "D:\Internet\Internet Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: 1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe
O4 - Startup: Microsoft.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\ClickPotatoLiteSABHO.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: IEConfig 1und1 Edition (serviceIEConfig) - Unknown owner - C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14182 bytes

--- --- ---


-------------------------------------------------------------------------

I hope you can help me as quickly as possible - I will now change my passwords on another computer.


Thanks

Larusso 02.07.2010 17:12

:hallo:

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to. It makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

First of all, stay calm. Apparently a new scam to get you to click on a link. I hope you did not. In any case, change the passwords once.


Step 2

Abort all scans that are currently running; first of all, they should be done one after the other anyway and not all at once.

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program in the default path.
  • Remember to start the program as admin on Vista; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show Results".
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise that system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are selected and press "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
  • Report how the computer is running now.


Step 3

Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



In your next reply, please post
MBAM log
OTL.txt
Extras.txt

Kujao 02.07.2010 19:19

By the way, as a tip: of course also get the police involved, in my opinion, because this is no small matter anymore, and even if he is sitting behind 7 proxies, something like this can be traced back, but it can take some time :S


And if the police are involved, give him the PSC and then look with the code at where he shopped, what he intends to do with it etc., because these things can ALWAYS be traced back :)

Seppl21 02.07.2010 20:22

First of all, many thanks for the help and the recommended solution.

Well, I have now spent 3 h just changing all my passwords on my brother's laptop and then followed your steps. I cannot say much about the assessment of my PC; my PC is equipped with good hardware and I have a DSL 6000 connection. So a noticeable difference in performance was not apparent. I am fairly sure that I picked up this trojan and the rest when visiting a site and the corresponding file spy.exe. When running the two programs, numerous problems were reported, which were apparently resolved. But see the log for yourself:

Quote:

Quote from MBAM Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4268

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.07.2010 20:55:17
mbam-log-2010-07-02 (20-55-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133897
Laufzeit: 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 31
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 3
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Seppl\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Packet.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\wpcap.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

as well as

[QUOTE=OTL TXT]OTL Logfile:
Code:

OTL logfile created on: 02.07.2010 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 6,17 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,41 Gb Free Space | 17,62% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 78,20 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://googleal.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.01 21:17:51 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.06.29 14:36:02 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.15 12:25:06 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.02 17:31:03 | 000,411,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14217 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] C:\Windows\SysWow64\Atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.05.21 01:34:59 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.05.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.05.06 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\GTA 4
[2010.05.06 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Games for Windows - LIVE Demos
[2010.05.06 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Rockstar Games
[2010.05.06 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Rockstar Games
[2010.05.06 16:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.06 13:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.05.06 13:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.05.06 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.04.29 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\DivX
[2010.04.26 09:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.23 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.04.23 22:22:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\TechSmith
[2010.04.23 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Camtasia Studio
[2010.04.23 22:19:59 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.04.23 22:19:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.04.23 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.04.23 22:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.17 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.13 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010.04.13 15:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010.04.13 15:53:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010.04.13 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\vlc
[2010.04.13 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\capale
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.02 21:04:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 21:04:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 20:58:12 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.02 20:57:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.02 20:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.02 20:57:16 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.02 20:56:32 | 003,009,921 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 17:31:03 | 000,411,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 14:26:29 | 000,353,245 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:47:13 | 003,188,218 | ---- | M] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:03:44 | 001,109,863 | ---- | M] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:32:22 | 000,942,989 | ---- | M] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:50:22 | 000,698,518 | ---- | M] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.23 22:22:31 | 000,278,297 | ---- | M] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 22:22:15 | 032,468,309 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:59:10 | 001,337,677 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:58:16 | 001,307,057 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:46:16 | 000,635,682 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:43:28 | 002,216,463 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:42:51 | 002,140,608 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:41:29 | 001,921,356 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 14:09:05 | 000,042,611 | ---- | M] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:40 | 000,790,899 | ---- | M] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:11 | 000,405,657 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:40:08 | 000,447,308 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:21 | 000,044,534 | ---- | M] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:30 | 000,044,895 | ---- | M] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:58 | 000,045,654 | ---- | M] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:45 | 000,172,521 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:39 | 000,155,677 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:56 | 000,163,132 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:48 | 000,156,016 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:45 | 000,152,619 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:25 | 000,863,020 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:36:22 | 000,919,248 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:36 | 000,245,600 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:18 | 000,301,357 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | M] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 17:15:03 | 035,708,948 | ---- | M] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:55:01 | 003,261,586 | ---- | M] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | M] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:47:05 | 005,378,683 | ---- | M] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:46:47 | 003,909,556 | ---- | M] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:46:38 | 003,512,495 | ---- | M] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:49:23 | 003,358,566 | ---- | M] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.23 22:23:47 | 013,652,197 | ---- | M] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.14 13:04:17 | 000,000,613 | ---- | M] () -- C:\Windows\win.ini
[2010.04.13 22:39:35 | 000,000,036 | -H-- | M] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:38:10 | 018,499,623 | ---- | M] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.04 11:12:27 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.06.03 14:26:21 | 000,353,245 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:45:46 | 003,188,218 | ---- | C] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:01:20 | 001,109,863 | ---- | C] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:25:58 | 000,942,989 | ---- | C] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:47:54 | 000,698,518 | ---- | C] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.25 00:17:07 | 000,030,953 | ---- | C] () -- C:\Users\Seppl\Desktop\James CMC xD.JPG
[2010.05.23 22:22:28 | 000,278,297 | ---- | C] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 21:43:25 | 032,468,309 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:56:29 | 001,337,677 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:56:15 | 001,307,057 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:45:39 | 000,635,682 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:40:30 | 002,216,463 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:39:21 | 002,140,608 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:38:48 | 001,921,356 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 17:41:33 | 000,042,611 | ---- | C] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:34 | 000,790,899 | ---- | C] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:03 | 000,405,657 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:39:57 | 000,447,308 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:19 | 000,044,534 | ---- | C] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:29 | 000,044,895 | ---- | C] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:56 | 000,045,654 | ---- | C] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:42 | 000,172,521 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:36 | 000,155,677 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:54 | 000,163,132 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:45 | 000,156,016 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:42 | 000,152,619 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:02 | 000,863,020 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:35:58 | 000,919,248 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:31 | 000,245,600 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:11 | 000,301,357 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | C] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 16:54:33 | 035,708,948 | ---- | C] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:28:34 | 003,261,586 | ---- | C] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | C] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:44:17 | 005,378,683 | ---- | C] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:44:17 | 003,909,556 | ---- | C] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:44:17 | 003,512,495 | ---- | C] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:47:15 | 003,358,566 | ---- | C] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.23 22:21:33 | 013,652,197 | ---- | C] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.04.13 22:39:35 | 000,000,036 | -H-- | C] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:36:21 | 018,499,623 | ---- | C] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.08 06:51:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.04 11:12:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2009.11.07 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1&1
[2010.05.21 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.06.13 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Azureus
[2010.01.17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\CPUControl
[2009.12.21 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DAEMON Tools Lite
[2010.03.04 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DeepBurner
[2010.03.27 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FreeFLVConverter
[2010.04.13 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FrostWire
[2010.07.02 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ICQ
[2010.06.29 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
[2009.11.24 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Leadertech
[2010.03.18 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\LG Electronics
[2010.04.23 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.03.28 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\TeamViewer
[2009.11.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Uniblue
[2009.11.09 12:40:35 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Win7codecs
[2010.06.27 08:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

--- --- ---

Seppl21 02.07.2010 20:24

as well as Extras.txt. Sorry for the double post :)



[QUOTE=Extras.txt]
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 02.07.2010 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 6,17 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,41 Gb Free Space | 17,62% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 78,20 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Win7x64 Components_is1" = Win7x64 Components v1.2.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1&1 EasyLogin" = 1&1 EasyLogin
"1STFREE_is1" = 1st Free Solitaire 1.7.1
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPU-Control_is1" = CPU-Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FrostWire" = FrostWire 4.20.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007-Testversion
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 410" = Portal: The First Slice
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2010 09:54:06 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:27 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:59 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2010 08:52:26 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm xBBrowser.exe, Version 2.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 914    Startzeit:
01cb152e542fedc7    Endzeit: 0    Anwendungspfad: D:\Programme\Nützliche Tools\XB Browser\XeroBank\xBBrowser.exe

Berichts-ID:
 
 
Error - 27.06.2010 18:26:12 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce533  Name des fehlerhaften Moduls: PresenceIM.dll, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce51e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000104a9  ID des fehlerhaften
 Prozesses: 0x1770  Startzeit der fehlerhaften Anwendung: 0x01cb1647bf925025  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll
Berichtskennung:
 fd9b15c8-823a-11df-a068-4061862e2a88
 
Error - 29.06.2010 08:33:23 | Computer Name = Seppl-PC | Source = MsiInstaller | ID = 11704
Description =
 
Error - 29.06.2010 08:36:18 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x1818  Startzeit der fehlerhaften Anwendung: 0x01cb17874a8f2411  Pfad der
 fehlerhaften Anwendung: D:\Internet\Internet Programme\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e9aa52c9-837a-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:28 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EFLC.exe, Version: 1.1.1.0, Zeitstempel:
 0x4bb19157  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000264  Fehleroffset: 0x000a1c92  ID des fehlerhaften Prozesses:
 0x560  Startzeit der fehlerhaften Anwendung: 0x01cb17910a638725  Pfad der fehlerhaften
 Anwendung: E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a097c04c-8388-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:53 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm EFLC.exe, Version 1.1.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 560    Startzeit:
01cb17910a638725    Endzeit: 591    Anwendungspfad: E:\Grand Theft Auto IV - Episodes From
 Liberty City\EFLC.exe    Berichts-ID: 
 
Error - 02.07.2010 03:48:00 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm services.exe, Version 1.3.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 810    Startzeit:
01cb19ba71e929e5    Endzeit: 0    Anwendungspfad: C:\Program Files\Internet Explorer\services.exe

Berichts-ID:
 c680e1d7-85ad-11df-8b76-4061862e2a88 
 
[ System Events ]
Error - 03.05.2010 18:30:10 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 04.05.2010 04:05:56 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 04.05.2010 20:15:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 02:24:29 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 03:26:43 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 04:41:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 19:55:04 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 06.05.2010 04:41:38 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 06.05.2010 07:38:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 06.05.2010 07:38:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >

--- --- ---


Regards,


Seppl

Larusso 02.07.2010 20:42

I'm still missing the Extras.txt.

Since this is a 64-bit system, I am very limited when it comes to removal tools.

Step 1
Code:

:OTL
[2010.06.29 14:27:36 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O4 - HKLM..\Run: []  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.05.15 12:25:06 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.06.29 14:36:02 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll (Conduit Ltd.)
:files
C:\Program Files (x86)\Vuze_Remote
:reg
:Commands
[purity]
[emptytemp]
[reboot]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click on http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2

Basic cleanup with SUPERAntiSpyware
  • Please download SUPERAntiSpyware FREE Edition.
  • The program is suitable for: Windows 98, 98SE, ME, 2000, 2003, XP and Vista.
  • Install the program and let it download the latest definitions and updates.
  • You can find an illustrated guide here.
  • Close all applications, including browsers.
  • Open SUPERAntiSpyware and click Scan your computer.
  • Tick Complete Scan and click Next.
  • When the scan has finished, you will be shown an overview of the findings, which you acknowledge with OK.
  • Make sure that every finding is ticked, then click Next and OK.
  • Click Finish, which takes you back to the main window.
  • Your computer may need to be restarted in order to remove malware from the system on reboot.
  • To get the log file, first click Preferences and then Statistics and Logs.
  • Click the dated log file and press View Log. A text window will now appear.
  • Please copy this report here into the thread.


Step 3
Please switch on any external hard drives you may have during the online scans! During the scans, please switch off all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: Be sure to start the browser as administrator.
  • Deactivate your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users must install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users must allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Step 4

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
OTLFix.log
SASW Log
ESET log
OTL.txt
Report how the computer is running

Seppl21 03.07.2010 00:28

Well, I did mention the Extras.txt in my last, i.e. second, posting :)

Quote:

Quote from SASW.log
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/03/2010 at 00:13 AM

Application Version : 4.40.1002

Core Rules Database Version : 5150
Trace Rules Database Version: 2962

Scan type : Complete Scan
Total Scan Time : 00:35:24

Memory items scanned : 596
Memory threats detected : 0
Registry items scanned : 14685
Registry threats detected : 0
File items scanned : 45773
File threats detected : 465

Adware.Tracking Cookie
in.getclicky.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.newsclick.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.newsclick.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.e-2dj6wcl4ehcpkdp.stats.esomniture.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
dfb.stats.yum.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
media.gan-online.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
static.freewebs.getclicky.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.testberichte.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
clicks.pangora.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
s4.trafficmaxx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.dkvag.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.count24.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.toplist.cz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.valueclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.finden.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.finden.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.azjmp.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.azjmp.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.adtech.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
piwik.atlantismedia.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.layermedia-adserver.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.4stats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.sexcam-livecam.info [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.paysafecardgroup.122.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.gostats.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
ad2.clickhype.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.biz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.ad.adnet.biz [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clickandbuy.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.clickandbuy.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.hardsextube.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
adserver.hardsextube.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
1xxx.cqcounter.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.banners.facebookofsex.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
stats.webtrafficagents.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.alltubeporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.alltubeporn.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.eporner.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.eporner.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.secure.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.secure.youpornmate.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
piwik.net4media-typo3.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.tracking.hannoversche.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
counter.live4members.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.www.clickpotato.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
banner.electronic-arts.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webstats4u.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.elitepvpers.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
www.etracker.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.shinystat.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.himedia.individuad.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.fileuploadx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.fileuploadx.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.germanfriendfinder.com [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.2o7.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
.revsci.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]
neocounter.neoworx-blog-tools.net [ C:\Users\Seppl\AppData\Roaming\Mozilla\Firefox\Profiles\aoyg1g3i.default\cookies.sqlite ]

Trojan.Agent/Gen-Cryptor[Egun]
C:\USERS\SEPPL\DOWNLOADS\PERSONALAUSWEIS.EXE

as well as:

Quote:

Quote from ESET.log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ce8a342bef7b7948867c63e173fd53f2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-02 11:24:19
# local_time=2010-07-03 01:24:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 100 731302 53621127 0 0
# compatibility_mode=5893 16776574 100 94 16089009 30515091 0 0
# compatibility_mode=8192 67108863 100 0 145 145 0 0
# scanned=255208
# found=2
# cleaned=2
# scan_time=3639
C:\Program Files\Win7codecs\Tools\settings64.exe Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Seppl\Documents\Azureus Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C


Seppl21 03.07.2010 00:36

Here are the remaining logs for you :)

[quote=OTL.txt]OTL Logfile:
Code:

OTL logfile created on: 03.07.2010 01:30:48 - Run 2
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,26 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2010.06.27 18:57:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\firefox.exe
PRC - [2010.06.27 18:57:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\plugin-container.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.07 08:57:31 | 001,238,352 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2010.04.12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.26 17:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://googleal.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googleal.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.02 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.02 17:31:03 | 000,411,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14217 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] C:\Windows\SysWow64\Atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.02 23:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.07.02 23:32:24 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.02 23:22:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.05.21 01:34:59 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.05.15 12:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.05.09 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.05.06 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\GTA 4
[2010.05.06 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Games for Windows - LIVE Demos
[2010.05.06 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Rockstar Games
[2010.05.06 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Rockstar Games
[2010.05.06 16:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.06 13:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.05.06 13:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.05.06 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.04.29 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\DivX
[2010.04.26 09:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.23 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.04.23 22:22:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\TechSmith
[2010.04.23 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Camtasia Studio
[2010.04.23 22:19:59 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.04.23 22:19:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.04.23 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.04.23 22:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.17 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.17 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apple
[2010.04.17 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.13 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010.04.13 15:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2010.04.13 15:53:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2010.04.13 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\vlc
[2010.04.13 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\capale
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.03 01:31:02 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.03 00:22:49 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 00:22:49 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 00:15:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.03 00:15:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.03 00:15:29 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.03 00:14:46 | 003,010,893 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.02 23:32:25 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 17:31:03 | 000,411,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 14:26:29 | 000,353,245 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:47:13 | 003,188,218 | ---- | M] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:03:44 | 001,109,863 | ---- | M] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:32:22 | 000,942,989 | ---- | M] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:50:22 | 000,698,518 | ---- | M] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.23 22:22:31 | 000,278,297 | ---- | M] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 22:22:15 | 032,468,309 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:59:10 | 001,337,677 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:58:16 | 001,307,057 | ---- | M] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:46:16 | 000,635,682 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:43:28 | 002,216,463 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:42:51 | 002,140,608 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:41:29 | 001,921,356 | ---- | M] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 14:09:05 | 000,042,611 | ---- | M] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:40 | 000,790,899 | ---- | M] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:11 | 000,405,657 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:40:08 | 000,447,308 | ---- | M] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:21 | 000,044,534 | ---- | M] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:30 | 000,044,895 | ---- | M] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:58 | 000,045,654 | ---- | M] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:45 | 000,172,521 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:39 | 000,155,677 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:56 | 000,163,132 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:48 | 000,156,016 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:45 | 000,152,619 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:25 | 000,863,020 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:36:22 | 000,919,248 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:36 | 000,245,600 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:18 | 000,301,357 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | M] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 17:15:03 | 035,708,948 | ---- | M] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:55:01 | 003,261,586 | ---- | M] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | M] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:47:05 | 005,378,683 | ---- | M] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:46:47 | 003,909,556 | ---- | M] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:46:38 | 003,512,495 | ---- | M] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:49:23 | 003,358,566 | ---- | M] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.23 22:23:47 | 013,652,197 | ---- | M] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.14 13:04:17 | 000,000,613 | ---- | M] () -- C:\Windows\win.ini
[2010.04.13 22:39:35 | 000,000,036 | -H-- | M] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:38:10 | 018,499,623 | ---- | M] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.04 11:12:27 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2010.07.02 23:32:25 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.06.03 14:26:21 | 000,353,245 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.06.03 00:45:46 | 003,188,218 | ---- | C] () -- C:\Users\Seppl\Desktop\DSC02475.jpg
[2010.06.02 19:01:20 | 001,109,863 | ---- | C] () -- C:\Users\Seppl\Desktop\fertig.jpg
[2010.06.02 12:25:58 | 000,942,989 | ---- | C] () -- C:\Users\Seppl\Desktop\Anlagen.pdf
[2010.05.28 09:47:54 | 000,698,518 | ---- | C] () -- C:\Users\Seppl\Desktop\Thats Me (4).jpg
[2010.05.25 00:17:07 | 000,030,953 | ---- | C] () -- C:\Users\Seppl\Desktop\James CMC xD.JPG
[2010.05.23 22:22:28 | 000,278,297 | ---- | C] () -- C:\Users\Seppl\Desktop\du.jpg
[2010.05.23 21:43:25 | 032,468,309 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.psd
[2010.05.23 19:56:29 | 001,337,677 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0094.JPG
[2010.05.23 19:56:15 | 001,307,057 | ---- | C] () -- C:\Users\Seppl\Desktop\DSCI0093.JPG
[2010.05.23 19:45:39 | 000,635,682 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_1367.JPG
[2010.05.23 19:40:30 | 002,216,463 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4124.JPG
[2010.05.23 19:39:21 | 002,140,608 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4123.JPG
[2010.05.23 19:38:48 | 001,921,356 | ---- | C] () -- C:\Users\Seppl\Desktop\_MG_4120.JPG
[2010.05.21 17:41:33 | 000,042,611 | ---- | C] () -- C:\Users\Seppl\Desktop\l_88cd20875b4e470d83e92bbfdfa6a0f2.jpg
[2010.05.20 02:12:34 | 000,790,899 | ---- | C] () -- C:\Users\Seppl\Desktop\IMAG0911.JPG
[2010.05.18 15:40:03 | 000,405,657 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild007.jpg
[2010.05.18 15:39:57 | 000,447,308 | ---- | C] () -- C:\Users\Seppl\Desktop\Bild010.jpg
[2010.05.18 15:39:19 | 000,044,534 | ---- | C] () -- C:\Users\Seppl\Desktop\23-10-09.jpg
[2010.05.18 15:38:29 | 000,044,895 | ---- | C] () -- C:\Users\Seppl\Desktop\Webcam6.jpg
[2010.05.18 15:37:56 | 000,045,654 | ---- | C] () -- C:\Users\Seppl\Desktop\Sonnenbrand!.jpg
[2010.05.18 15:37:42 | 000,172,521 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4771.jpg
[2010.05.18 15:37:36 | 000,155,677 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4783.jpg
[2010.05.18 15:36:54 | 000,163,132 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3771.jpg
[2010.05.18 15:36:45 | 000,156,016 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4082.jpg
[2010.05.18 15:36:42 | 000,152,619 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4081.jpg
[2010.05.18 15:36:02 | 000,863,020 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4393.jpg
[2010.05.18 15:35:58 | 000,919,248 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4410.jpg
[2010.05.18 15:35:31 | 000,245,600 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4114.jpg
[2010.05.18 15:35:11 | 000,301,357 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic3565.jpg
[2010.05.15 12:25:24 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.14 15:52:17 | 000,183,732 | ---- | C] () -- C:\Users\Seppl\Desktop\na wer ist das.jpg
[2010.05.10 16:54:33 | 035,708,948 | ---- | C] () -- C:\Users\Seppl\Desktop\clip0003.avi
[2010.05.08 21:28:34 | 003,261,586 | ---- | C] () -- C:\Users\Seppl\Desktop\hintergrund.psd
[2010.05.06 15:59:33 | 000,000,878 | ---- | C] () -- C:\Users\Seppl\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk
[2010.05.05 14:03:53 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.03 14:44:17 | 005,378,683 | ---- | C] () -- C:\Users\Seppl\Desktop\And Then I Kiss Him.mp3
[2010.05.03 14:44:17 | 003,909,556 | ---- | C] () -- C:\Users\Seppl\Desktop\Brothers.mp3
[2010.05.03 14:44:17 | 003,512,495 | ---- | C] () -- C:\Users\Seppl\Desktop\Tennessee.mp3
[2010.05.02 10:47:15 | 003,358,566 | ---- | C] () -- C:\Users\Seppl\Desktop\die suche.mp3
[2010.04.23 22:21:33 | 013,652,197 | ---- | C] () -- C:\Users\Seppl\Desktop\Katerine_-_Ayo_Technology.mp4
[2010.04.23 22:19:52 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.04.17 18:54:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.04.13 22:39:35 | 000,000,036 | -H-- | C] () -- C:\Users\Seppl\AppData\Roaming\swk.ini
[2010.04.13 15:40:00 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.13 15:36:21 | 018,499,623 | ---- | C] () -- C:\Users\Seppl\Desktop\vlc-1.0.5-win32.exe
[2010.04.08 06:51:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.04 11:12:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2009.11.07 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1&1
[2010.05.21 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\1st Free Solitaire
[2010.06.13 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Azureus
[2010.01.17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\CPUControl
[2009.12.21 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DAEMON Tools Lite
[2010.03.04 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\DeepBurner
[2010.03.27 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FreeFLVConverter
[2010.04.13 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\FrostWire
[2010.07.02 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ICQ
[2009.11.24 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Leadertech
[2010.03.18 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\LG Electronics
[2010.04.23 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\ManyCam
[2010.03.28 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\TeamViewer
[2009.11.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Uniblue
[2009.11.09 12:40:35 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\Win7codecs
[2010.06.27 08:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---


Quote:

Quote from OTLFix.log
All processes killed
========== OTL ==========
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl\CamSpy V2.3 Installer\2.3.0.0 folder moved successfully.
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl\CamSpy V2.3 Installer folder moved successfully.
C:\Users\Seppl\AppData\Roaming\jfTXLiHyP2tAcoxprl folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ed02bec-ee0d-11de-bc33-4061862e2a89}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\tbVuze.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
Prefs.js: "hxxp://search.babylon.com/home" removed from browser.startup.homepage
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMes1.dll not found.
========== FILES ==========
C:\Program Files (x86)\Vuze_Remote folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Seppl
->Temp folder emptied: 2506062 bytes
->Temporary Internet Files folder emptied: 44688488 bytes
->Java cache emptied: 647180 bytes
->FireFox cache emptied: 148462104 bytes
->Flash cache emptied: 1809 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 11165968833 bytes

Total Files Cleaned = 10.836,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07022010_232254

Files\Folders moved on Reboot...
C:\Users\Seppl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Heike 03.07.2010 06:04

Quote:

C:\Users\Seppl\Documents\Azureus Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
There you see it once again: one should keep one's hands off cracks. ;)

Normally the rule in such cases is: reinstall the PC from scratch.

Larusso 03.07.2010 08:20

Oh Heike, it's only a toolbar ;)

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista users: be sure to start the browser as administrator.
  • Please turn off/disable all background guards during the scan.
  • Java must be installed, active and allowed.
  • Illustrated guide by sundavis.
  • This scanner does not remove the findings, but it gives a good overview.
  • We will help you remove the findings from the system manually.
  • Accept the privacy statement.
  • Let the program install.
  • Let the signature update install.
  • When the status is "Complete",
  • leave the scan settings (Settings) at the defaults
  • Click the "My Computer" link on the left.
  • The scan starts automatically.
  • When the scan is finished, click "View scan report",
  • "Save report as" and change the file type to .txt,
  • and save it on the desktop as Kaspersky.txt.
  • Post the log file here.
  • Uninstalling is not necessary; all files are stored in temporary folders.


Step 2

Please start OTL.exe.
Under
Extra Registry, select: Use Safe List, and click the Scan button.


In your next reply, please post
Kaspersky.txt
OTL.txt
Extras.txt

Heike 03.07.2010 08:51

Quote:

Quote from Larusso (post 538365)
Oh Heike, it's only a toolbar ;)

Hmmm, no matter what it is in this case, he likes cracks. ;)

And that's just how it is: whoever plays with fire can get burned now and then. ;)

From my point of view: he deserves it too, no pity. :)

Seppl21 03.07.2010 09:57

I don't expect pity and am very grateful for any friendly help.
Well, the Kaspersky log will take a while, because I'm only at 14% and it has already been running for almost an hour :-)

Regards, Seppl

Hacker 03.07.2010 10:04

@OP
Quick question: is your brother's computer 100% clean?
Otherwise I would best change the passwords via a Knoppix live DVD.
It's safer.

@Heike
Quote:

he likes cracks.
Who doesn't like them? They're so nice and crispy :rolleyes:

Heike 03.07.2010 10:11

@Hacker
Whoever likes cracks should be able to deal with them, and then not turn up here crying.
As I said: whoever plays with the devil can get burned now and then. ;)

Seppl21 03.07.2010 10:30

Quote:

Quote from Hacker (post 538373)
@OP
Quick question: is your brother's computer 100% clean?
Otherwise I would best change the passwords via a Knoppix live DVD.
It's safer.
[...]

Yes, we realised that afterwards too, since we have such a DVD. But even if it is safer, we had taken enough safety precautions (disconnecting the internet on the main computer, turning off network shares and the like). Since it was an old laptop and it was not even running at the time, no trojan could have found its way onto it in the meantime either.

Since the passwords have by now all been changed, we no longer need to worry about that.

Quote:

Quote from Heike
@Hacker
Whoever likes cracks should be able to deal with them, and then not turn up here crying.
As I said: whoever plays with the devil can get burned now and then.

I don't know how old you are, but your level really leaves something to be desired. I looked for help in the forum and got it; that is what it is there for. If you describe everyone who was attacked here unintentionally or through negligence and seeks advice as "crying", you should get yourself a book on etiquette.

I also ask that such off-topic be dropped and that people stick to the thread.
The relevant logs will be posted here shortly. Once again, many thanks to Larusso.

Regards,

Seppl

Heike 03.07.2010 10:39

Seppl21, this forum is not here to support people who obviously want to use software illegally.

This principle has nothing to do with my age. :) And as for my level, read my sig. ;)

You were not attacked unintentionally; whoever plays with cracks simply accepts that sort of thing, that's how it is. If you see it differently, you still have something to learn. ;)

Seppl21 03.07.2010 10:56

Quote:

Quote from Heike (post 538380)
Seppl21, this forum is not here to support people who obviously want to use software illegally.

This principle has nothing to do with my age. :) And as for my level, read my sig. ;)

You were not attacked unintentionally; whoever plays with cracks simply accepts that sort of thing, that's how it is. If you see it differently, you still have something to learn. ;)

I did not ask for help in using illegal software either. But I think that became clear in the topic and several times over the course of the thread. Level also has less to do with age, but age serves as a general yardstick by which one can also expect a certain mental maturity.

It is true that I was attacked unintentionally, though through negligence, and I am aware that I accept the risk of such attacks, but that does not mean I am "crying" about it, as you so nicely try to portray it. I am asking you now for the last time to drop the OT, otherwise I will report it to a moderator. If, through your angle of interpretation, you would like to accuse me of things like "crying" or "seeking help in order to use illegal software", you are welcome to do that in a private message. Since you have been registered here since 2001, that should not be difficult for you.

Regards, Seppl


P.S. I will no longer reply to further hostility or insinuations, but will only have them reported so that a moderator takes care of it.

Heike 03.07.2010 11:04

You admit to having used cracks; go ahead and report me to the team because I point that out. :)

Seppl21 03.07.2010 11:12

Now, at last, here are the requested logs:

Quote:

Quote from Kaspersky.txt
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 3, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 03, 2010 03:17:18
Records in database: 4258646
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 257415
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:15:24


File name / Threat / Threats count
D:\Internet\Internet Download\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

Selected area has been scanned.

[QUOTE=OTL.txt]OTL Logfile:
Code:

OTL logfile created on: 03.07.2010 12:09:07 - Run 3
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 70,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,12 Gb Free Space | 17,72% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.03 09:28:18 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Seppl\AppData\Local\Temp\jkos-Seppl\binaries\ScanningProcess.exe
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2010.06.27 18:57:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\firefox.exe
PRC - [2010.06.27 18:57:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\plugin-container.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.04.12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google search
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google search [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.02 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.02 17:31:03 | 000,411,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Windows Vista
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123haustiereundmehr.com
O1 - Hosts: 14217 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Internet Programme\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\LIVESSP.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.02 23:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.07.02 23:32:24 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.02 23:22:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.24 02:28:13 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.24 02:28:13 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.24 02:28:13 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.24 02:28:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.24 02:28:13 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.24 02:28:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.24 02:28:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.24 02:28:13 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.24 02:03:27 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.24 02:03:23 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.24 02:03:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.24 02:03:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.24 02:03:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.24 02:03:22 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.24 02:03:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.24 02:03:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.06.09 17:14:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.09 17:14:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.09 17:14:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.09 17:14:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.03 12:11:01 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.03 09:28:48 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 09:28:48 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 09:21:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.03 09:21:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.03 09:21:10 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.03 01:37:31 | 003,024,234 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.02 23:32:25 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 17:31:03 | 000,411,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:58 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.06.29 14:33:57 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.06.29 14:33:57 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.06.29 14:33:47 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 14:26:29 | 000,353,245 | ---- | M] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
 
========== Files Created - No Company Name ==========
 
[2010.07.02 23:32:25 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.06.03 14:26:21 | 000,353,245 | ---- | C] () -- C:\Users\Seppl\Desktop\Pic4846.jpg
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
< End of report >

--- --- ---



[QUOTE=Extras.txt]OTL Logfile:
Code:

OTL Extras logfile created on: 03.07.2010 12:09:07 - Run 3
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 70,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,12 Gb Free Space | 17,72% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Win7x64 Components_is1" = Win7x64 Components v1.2.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1&1 EasyLogin" = 1&1 EasyLogin
"1STFREE_is1" = 1st Free Solitaire 1.7.1
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPU-Control_is1" = CPU-Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FrostWire" = FrostWire 4.20.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007-Testversion
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 410" = Portal: The First Slice
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2010 05:21:27 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:59 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2010 08:52:26 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm xBBrowser.exe, Version 2.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 914    Startzeit:
01cb152e542fedc7    Endzeit: 0    Anwendungspfad: D:\Programme\Nützliche Tools\XB Browser\XeroBank\xBBrowser.exe

Berichts-ID:
 
 
Error - 27.06.2010 18:26:12 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce533  Name des fehlerhaften Moduls: PresenceIM.dll, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce51e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000104a9  ID des fehlerhaften
 Prozesses: 0x1770  Startzeit der fehlerhaften Anwendung: 0x01cb1647bf925025  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll
Berichtskennung:
 fd9b15c8-823a-11df-a068-4061862e2a88
 
Error - 29.06.2010 08:33:23 | Computer Name = Seppl-PC | Source = MsiInstaller | ID = 11704
Description =
 
Error - 29.06.2010 08:36:18 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x1818  Startzeit der fehlerhaften Anwendung: 0x01cb17874a8f2411  Pfad der
 fehlerhaften Anwendung: D:\Internet\Internet Programme\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e9aa52c9-837a-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:28 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EFLC.exe, Version: 1.1.1.0, Zeitstempel:
 0x4bb19157  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000264  Fehleroffset: 0x000a1c92  ID des fehlerhaften Prozesses:
 0x560  Startzeit der fehlerhaften Anwendung: 0x01cb17910a638725  Pfad der fehlerhaften
 Anwendung: E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a097c04c-8388-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:53 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm EFLC.exe, Version 1.1.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 560    Startzeit:
01cb17910a638725    Endzeit: 591    Anwendungspfad: E:\Grand Theft Auto IV - Episodes From
 Liberty City\EFLC.exe    Berichts-ID: 
 
Error - 02.07.2010 03:48:00 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm services.exe, Version 1.3.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 810    Startzeit:
01cb19ba71e929e5    Endzeit: 0    Anwendungspfad: C:\Program Files\Internet Explorer\services.exe

Berichts-ID:
 c680e1d7-85ad-11df-8b76-4061862e2a88 
 
Error - 02.07.2010 19:26:09 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
[ System Events ]
Error - 03.05.2010 18:30:10 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 04.05.2010 04:05:56 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 04.05.2010 20:15:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 02:24:29 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 03:26:43 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 04:41:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 19:55:04 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 06.05.2010 04:41:38 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 06.05.2010 07:38:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 06.05.2010 07:38:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >

--- --- ---

Larusso 03.07.2010 20:28

Any more problems?

Seppl21 03.07.2010 21:28

I never had a problem until I found that mail in my inbox...
Could you perhaps break down for me which Trojans etc. the person used to get at the data? How safe do you consider me now against new attacks of this kind? Can I go back to entering my passwords as usual?

Regards, Seppl

Larusso 04.07.2010 09:17

btw,
Quote:

Quote from heike
Anyone who likes cracks should be able to deal with the consequences and not turn up here crying afterwards.
As I said: if you play with the devil, you can get burned.

Many people here can only dream of your level.
And if you are looking for help in the forum, I would not go around mouthing off. Least of all at people who are already past 1000 posts.
The fact is that I could also stop supporting you because of that one detection. But since only the one scan flags it as adware, I will turn a blind eye.
If I read something like that again, I will open that eye again!

How the person got at your data is hard to say. Phishing, a backdoor, there are many ways, which I will not list now.
I cannot give a 100% guarantee that I have found everything. You only get that with Format C:


Step 1

Disable TeaTimer

No cleanup can be carried out while TeaTimer from Spybot Search&Destroy is running, because it restores all deleted entries. TeaTimer therefore has to be switched off during the cleanup work (leave TeaTimer switched off until we have finished the cleanup):
Start Spybot S&D => set "Advanced mode" in the "Mode" menu => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated instructions.


Step 2

Peer-to-peer or file-sharing software

Your log file(s) show me that you use so-called peer-to-peer or file-sharing programs (in your case Vuze). These programs allow you to exchange data with other users. Nowadays cyber crime is gaining ever more importance and its scale is enormous. Unfortunately P2P and file sharing are no exception. They are also used to spread infected files and are one reason why malware spreads so quickly.
So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution.

Another important point is that distributing media and entertainment files violates copyright in most countries of the world.
You are therefore exposing yourself to the risk of being prosecuted by organizations (or by the author of the "file" themselves) that monitor these rights.
Of course there is also a legal way to use this service, for example for downloading Linux or Open Office.
Nevertheless I would ask you not to keep using this kind of software.
Please go to

Start --> Control Panel --> Software

and uninstall (if present) Vuze

Please let me know if you cannot find one of the listed programs.


Also uninstall SuperAntiSpyware


Step 3
Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
:reg
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=Dword:00000000
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=Dword:00000000
:services
:files
:Commands
[purity]
[emptytemp]
[resethosts]
[reboot]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Step 4

Please start OTL.exe.
Under
Extra Registry, select Use SafeList and click the Scan button.


In your next reply please post
OTLFixLog
OTL.txt
Extras.txt

Seppl21 04.07.2010 10:24

Hi, thanks for continuing to support me :)
I did not know that this is taken into account here as well.
Well, you said I should stop using Vuze because of legal prosecution and the risk of viruses...
But I need this kind of network, because I have obtained many useful files there. I would prefer, though, and this attack has made me understand that, to be more anonymous. I heard there is a way to do that with Tor? Is there perhaps a network in which you are not forced to distribute data? Because as far as I know, only that is punishable under German law.

Here are the requested logs:

Quote:

Quote from OTLFixLog
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{542E4D79-1970-4E95-9862-FDB96F61B280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542E4D79-1970-4E95-9862-FDB96F61B280}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Updat not found.
========== REGISTRY ==========
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoActiveDesktop"|Dword:00000000 /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoActiveDesktopChanges"|Dword:00000000 /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Seppl
->Temp folder emptied: 110322180 bytes
->Temporary Internet Files folder emptied: 8016989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78037066 bytes
->Flash cache emptied: 1806 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 200312 bytes

Total Files Cleaned = 188,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[reboot> in the current context!

OTL by OldTimer - Version 3.2.7.0 log created on 07042010_110900

Files\Folders moved on Reboot...
C:\Users\Seppl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Seppl\AppData\Local\Temp\SASDF56.tmp not found!

Registry entries deleted on Reboot...

OTL.txt

OTL Logfile:
Code:

OTL logfile created on: 04.07.2010 11:13:04 - Run 4
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,36 Gb Free Space | 18,08% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
PRC - [2010.06.27 18:57:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\firefox.exe
PRC - [2010.06.27 18:57:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Internet\Internet Programme\plugin-container.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.04.12 17:29:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.26 17:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2003.05.15 22:42:26 | 000,529,920 | ---- | M] (ASKEY) -- C:\Windows\SysWOW64\Atray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.02 21:00:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Seppl\Downloads\OTL.exe
MOD - [2009.07.20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.15 17:30:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.30 00:59:29 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 17:30:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.09 11:02:42 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.01.27 20:09:04 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010.01.21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010.01.21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010.01.21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.12.20 15:37:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.07 17:00:50 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.11.04 04:20:56 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.09 21:16:52 | 000,005,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcafix.sys -- (wcafix)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.11.07 20:13:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google search
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google search [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 24 01 D2 DF 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.511.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 14:34:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Internet Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Internet Programme\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Internet\Internet Programme\components [2010.06.29 14:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Internet\Internet Programme\plugins [2010.07.01 19:42:30 | 000,000,000 | ---D | M]
 
[2009.11.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Extensions
[2010.07.03 21:37:38 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions
[2010.06.26 10:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.08 20:35:24 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.17 13:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.15 09:13:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] () -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010.04.16 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 17:03:45 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.11.08 20:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.06 18:23:11 | 000,000,000 | ---D | M] -- C:\Users\Seppl\AppData\Roaming\mozilla\Firefox\Profiles\aoyg1g3i.default\extensions\locationbar2@design-noir.de
[2010.06.27 09:17:04 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-1.xml
[2009.09.11 10:44:03 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-10.xml
[2009.10.13 12:02:28 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-11.xml
[2009.10.13 12:13:24 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-12.xml
[2009.10.13 12:13:48 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-13.xml
[2009.10.13 12:21:50 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-14.xml
[2009.10.21 21:39:22 | 000,000,961 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-15.xml
[2010.06.27 18:57:42 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-16.xml
[2009.03.30 17:01:06 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-2.xml
[2009.05.05 17:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-3.xml
[2009.06.01 14:08:56 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-4.xml
[2009.06.02 00:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-5.xml
[2009.06.08 18:59:31 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-6.xml
[2009.07.06 16:07:41 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-7.xml
[2009.07.23 22:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-8.xml
[2009.08.05 15:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin-9.xml
[2010.06.17 13:48:39 | 000,000,168 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.gif
[2010.06.17 13:48:39 | 000,000,618 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Seppl\AppData\Roaming\Mozilla\FireFox\Profiles\aoyg1g3i.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.07.04 11:09:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atray] atray.exe (ASKEY)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [RestartNeroSetup] C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe File not found
O4 - HKCU..\Run: [\\GOLDBACH\EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [1&1 EasyLogin] D:\Internet Programme\1&1 EasyLogin\EasyLogin.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Nützliche Tools\daemon tool\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBVE.EXE File not found
O4 - HKCU..\Run: [ICQ] D:\Internet\Internet Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Seppl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1&1 EasyLogin.lnk = D:\Internet\Internet Programme\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\LIVESSP.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.02 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.02 23:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.07.02 23:22:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.02 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Malwarebytes
[2010.07.02 20:44:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.02 20:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 20:44:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.02 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.02 17:36:53 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.06.29 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.06.29 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\Downloads
[2010.06.29 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabelFish
[2010.06.29 14:34:09 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Real
[2010.06.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010.06.29 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.06.29 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Roaming\Real
[2010.06.29 14:33:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Google
[2010.06.29 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.06.29 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Apps
[2010.06.29 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\Deployment
[2010.06.29 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Personalausweis
[2010.06.24 02:28:13 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.24 02:28:13 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.24 02:28:13 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.24 02:28:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.24 02:28:13 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.24 02:28:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.24 02:28:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.24 02:28:13 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.24 02:03:27 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.24 02:03:23 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.24 02:03:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.24 02:03:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.24 02:03:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.24 02:03:22 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.24 02:03:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.24 02:03:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.06.23 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Fakecam
[2010.06.17 13:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.17 13:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.17 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Seppl\AppData\Local\AOL
[2010.06.17 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.14 17:21:33 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Desktop\Screens
[2010.06.13 01:21:22 | 000,000,000 | ---D | C] -- C:\Users\Seppl\Documents\FIFA 10
[2010.06.09 17:14:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.09 17:14:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.09 17:14:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.09 17:14:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.04 11:11:52 | 010,485,760 | -HS- | M] () -- C:\Users\Seppl\NTUSER.DAT
[2010.07.04 11:10:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.04 11:10:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.04 11:10:11 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.04 11:09:31 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.04 11:09:30 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.04 11:09:28 | 003,118,059 | -H-- | M] () -- C:\Users\Seppl\AppData\Local\IconCache.db
[2010.07.04 11:09:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010.07.02 20:44:34 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.01 19:42:30 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 14:56:29 | 000,408,679 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100702-173103.backup
[2010.06.29 14:41:42 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.29 14:33:58 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.06.29 14:33:57 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.06.29 14:33:57 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.06.29 14:33:47 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.06.29 14:33:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.27 19:08:38 | 000,016,384 | ---- | M] () -- C:\Users\Seppl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 02:15:58 | 001,522,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 02:15:58 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 02:15:58 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 02:15:58 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 02:15:58 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.20 17:17:17 | 001,245,744 | ---- | M] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:58 | 001,341,830 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:42 | 001,618,145 | ---- | M] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.19 20:30:23 | 000,050,348 | ---- | M] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.15 14:13:38 | 000,007,603 | ---- | M] () -- C:\Users\Seppl\AppData\Local\Resmon.ResmonCfg
[2010.06.09 22:18:50 | 003,017,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.07.02 20:44:34 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 14:41:42 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.29 14:34:00 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010.06.29 14:34:00 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.20 17:16:53 | 001,245,744 | ---- | C] () -- C:\Users\Seppl\Desktop\IMG_0020.JPG
[2010.06.19 20:30:30 | 001,341,830 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures2.jpg
[2010.06.19 20:30:21 | 000,050,348 | ---- | C] () -- C:\Users\Seppl\Desktop\kiss.jpg
[2010.06.19 20:30:09 | 001,618,145 | ---- | C] () -- C:\Users\Seppl\Desktop\Sample Pictures6.jpg
[2010.06.17 13:48:52 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 00:05:11 | 000,149,254 | ---- | C] () -- C:\Users\Seppl\Desktop\Melly453.jpg
[2010.06.13 00:05:07 | 000,169,356 | ---- | C] () -- C:\Users\Seppl\Desktop\mel270100000.jpg
[2010.04.13 22:41:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.03.03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.03.03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 02:00:00 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.06 12:51:15 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.30 15:35:33 | 000,000,082 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.11.07 20:28:34 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.07 20:28:34 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
< End of report >

--- --- ---

Seppl21 04.07.2010 10:25

Here is the Extras.txt

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 04.07.2010 11:13:04 - Run 4
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Seppl\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 12,36 Gb Free Space | 18,08% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 34,55 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive E: | 202,04 Gb Total Space | 85,57 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL-PC
Current User Name: Seppl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Internet\Internet Programme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Internet\Internet Programme\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\Ausführende Programme - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Win7x64 Components_is1" = Win7x64 Components v1.2.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1&1 EasyLogin" = 1&1 EasyLogin
"1STFREE_is1" = 1st Free Solitaire 1.7.1
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPU-Control_is1" = CPU-Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FrostWire" = FrostWire 4.20.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CFFCE4FD-0066-4FF4-ACDE-607ED6683841}" = WLAN Card
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007-Testversion
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 410" = Portal: The First Slice
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2010 05:21:27 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2010 05:21:59 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Internet\internet
 programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\Internet\internet programme\spybot - search & destroy\DelZip179.dll" in Zeile
 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2010 08:52:26 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm xBBrowser.exe, Version 2.0.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 914    Startzeit:
01cb152e542fedc7    Endzeit: 0    Anwendungspfad: D:\Programme\Nützliche Tools\XB Browser\XeroBank\xBBrowser.exe

Berichts-ID:
 
 
Error - 27.06.2010 18:26:12 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce533  Name des fehlerhaften Moduls: PresenceIM.dll, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce51e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000104a9  ID des fehlerhaften
 Prozesses: 0x1770  Startzeit der fehlerhaften Anwendung: 0x01cb1647bf925025  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll
Berichtskennung:
 fd9b15c8-823a-11df-a068-4061862e2a88
 
Error - 29.06.2010 08:33:23 | Computer Name = Seppl-PC | Source = MsiInstaller | ID = 11704
Description =
 
Error - 29.06.2010 08:36:18 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022262  ID des fehlerhaften
 Prozesses: 0x1818  Startzeit der fehlerhaften Anwendung: 0x01cb17874a8f2411  Pfad der
 fehlerhaften Anwendung: D:\Internet\Internet Programme\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: e9aa52c9-837a-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:28 | Computer Name = Seppl-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EFLC.exe, Version: 1.1.1.0, Zeitstempel:
 0x4bb19157  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000264  Fehleroffset: 0x000a1c92  ID des fehlerhaften Prozesses:
 0x560  Startzeit der fehlerhaften Anwendung: 0x01cb17910a638725  Pfad der fehlerhaften
 Anwendung: E:\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a097c04c-8388-11df-8969-4061862e2a88
 
Error - 29.06.2010 10:14:53 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm EFLC.exe, Version 1.1.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 560    Startzeit:
01cb17910a638725    Endzeit: 591    Anwendungspfad: E:\Grand Theft Auto IV - Episodes From
 Liberty City\EFLC.exe    Berichts-ID: 
 
Error - 02.07.2010 03:48:00 | Computer Name = Seppl-PC | Source = Application Hang | ID = 1002
Description = Programm services.exe, Version 1.3.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 810    Startzeit:
01cb19ba71e929e5    Endzeit: 0    Anwendungspfad: C:\Program Files\Internet Explorer\services.exe

Berichts-ID:
 c680e1d7-85ad-11df-8b76-4061862e2a88 
 
Error - 02.07.2010 19:26:09 | Computer Name = Seppl-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
[ System Events ]
Error - 03.05.2010 18:30:10 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 04.05.2010 04:05:56 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 04.05.2010 20:15:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 02:24:29 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 03:26:43 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 05.05.2010 04:41:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 05.05.2010 19:55:04 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 06.05.2010 04:41:38 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Cursor Acceleration Fix" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%31
 
Error - 06.05.2010 07:38:07 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 06.05.2010 07:38:11 | Computer Name = Seppl-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >

--- --- ---

Larusso 04.07.2010 10:36

Vuze is still installed. So is FrostWire (P2P client). It's your decision.

Please uninstall Vuze_Remote Toolbar

The logfile is clean :daumenhoc

Here are the last few steps for cleaning up your computer.


Step 1

Tool CleanUp

Please start OTL.exe.
Now click the "Bereinigung" (CleanUp) button. This will remove most of the tools and logfiles.
If anything is still left over, please remove it manually and empty the recycle bin.


Step 2

Automatic updates

Let's check whether the updates for Windows are downloaded automatically. That is the best way to get all the security patches and fixes.

Press the Windows key + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.


Step 3

To protect yourself against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the recycle bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is fully up to date.
    Security holes are found often enough in Windows' own applications. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for that.

  • Keep your software up to date
    The easiest way to do that is the Secunia Online Software.


Step 4

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

There are all kinds of add-ons for Firefox to get you safely through the WWW.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

Seppl21 04.07.2010 11:56

Wow, thanks for the many tips. I am very grateful for this kind of thing, because until recently I was an admin myself in a German-language chat, and it often happened there that nicks were stolen. Even back then the APT = Anti Phishing Team did educational work, but nobody went into such small details.

I have successfully removed the Vuze_Remote Toolbar; I will only remove the other two P2P clients once I have found better ones. Unfortunately you could not give me any help regarding legal certainty and anonymity (how about rapidshare?). But I can read up on that on the net again.

I always keep Windows up to date, and automatic updates are the order of the day for me. What do you say, by the way, to the allegations that Windows, through various updates and programs that, for example, send error reports back to headquarters, analyzes user behavior or sends other data that would be relevant under data protection law?

-laughs-

If you had told me that the "Bereinigung" button would remove the whole tool and result in a restart, I could have prepared for it gg.

Since SpywareBlaster only offers automatic updates in the commercial version and the background guard only runs with Spybot Search and Destroy + the TeaTimer, would it be advisable to keep running that, or has the program only been praised so often by magazines because it sells well? Because as far as I know you should not run antivirus programs at the same time, and I think that also applies to anti-spyware programs.

A pity that you only found the summary of the - MVPs hosts file - in English, because I have always been bad at English. This tutorial, however, consists exclusively of English. I would be very grateful if you could find or offer a good translation, or give me some other explanation in German.

I had already configured tip 4 for myself as an admin, since quite a few admins once unintentionally passed on their password through Java/JavaScript just by entering a phishing site. Since active elements act on their own, that is of course a high security risk.

Now I have one more question about saving passwords in Firefox. The rule is that you should not save them. What if I had set a master password: could the blackmailer still have got at all the passwords, or only when I enter them myself?

Regards

Marco


P.S. I am currently set up in a chat, via a tick in a checkbox, with a fixed password, which of course is no longer correct now and is generated automatically. How do I manage to delete the password so that it is no longer generated? So far nobody in the chat has been able to help me with that. If the tick in the checkbox is removed, it is still generated when the page is reloaded..

Larusso 04.07.2010 12:20

Sorry, I overlooked the question.

Quote:

But I need this kind of network, since I have obtained many useful files there
I see some too :kloppen:

Quote:

if I could be more anonymous
That doesn't exist on the net; all data that you enter anywhere can be found out.
I don't think much of Tor etc. I have only read that it considerably restricts the speed of the network. I have no personal experience with it.

Quote:

Because as far as I know, only that is punishable under German law.
Copyright applies in most countries.


Quote:

Since SpywareBlaster only offers automatic updates in the commercial version and the background guard only runs with Spybot Search and Destroy + the TeaTimer
But manually it works without problems.
I (and many others) personally do not recommend Spybot; the detection rate is poor, and removal of what it finds is as low as 0%.
And the TeaTimer is annoying.

Quote:

not run antivirus programs at the same time, and I think that also applies to anti-spyware programs
Correct

Quote:

Windows, through various updates and programs that, for example, send error reports back to headquarters, analyzes user behavior or sends other data that would be relevant under data protection law?
I won't comment on that. I can accuse anyone of something. Even Google analyzes surfing behavior.

Quote:

A pity that you only found the summary of the - MVPs hosts file - in English
Just google what the HOSTS file does; nothing else is explained there.

Quote:

Now I have one more question about saving passwords in Firefox
You shouldn't. But who doesn't? ;)

Quote:

could the blackmailer still have got at all the passwords, or only when I enter them myself
Malware can do anything.

Seppl21 04.07.2010 12:51

Quote:

Quote from Larusso
That doesn't exist on the net; all data that you enter anywhere can be found out.
I don't think much of Tor etc. I have only read that it considerably restricts the speed of the network. I have no personal experience with it.

Well, but they cannot be found out immediately, and the IP is first of all invisible. It is also a huge amount of work to trace that back. After all, the blackmailer did that too. Hid behind several proxy servers...

And why should a proxy server, where let's say the trail ends, give the relevant information to law enforcement authorities/or even hackers if it is located abroad, for example?

Quote:

Quote from Larusso
Copyright applies in most countries.

I mean that distributing is forbidden, but downloading is not. With P2P that necessarily comes with it. If you use rapidshare, for example, this problem doesn't exist?

Quote:

Quote from Larusso
Just google what the HOSTS file does; nothing else is explained there.

As far as I understood it with my poor English, the hosts file filters known ad servers in such a way that they are blocked, by entering them as an alias for 127.0.0.1.

I also found the following on this:

Quote:

Quote from Wiki
Windows operating systems in particular are frequently the target of viruses that modify the hosts file in such a way that users are directed to fake online services. With this trick, a user can for example be redirected to a fake online banking site (see pharming and phishing). In case of doubt, it is advisable to watch for encrypted connections and to check the certificate of the connection key.

Are those the redirects that also modify the browser address bar in such a way that a "normal, safe address" is displayed but it nevertheless leads to a phishing one? (that would then have to be pharming) And even when I am on it, I don't see it at first. I would then have to check certificates of the connection key to make sure that I am on the real site (however that is supposed to work)


BTW:

Once again, many thanks for the competent and fast support, because my PC is now not only clean but also (noticeably) faster and more secure - thanks :)

Regards

Seppl
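
The difference raised in the post above, between block entries that alias an ad server to 127.0.0.1 and entries that send a name to some other address, shown as an added example that is not part of the thread. The function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): block entries in the
# MVPS style next to one redirect of the kind the Wikipedia quote describes.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.example.net      # ad server aliased to loopback
0.0.0.0        tracker.example.org
203.0.113.7    www.bank.example login.bank.example
not-an-ip      broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Sort every name in a hosts file into localhost / blocked / redirect / malformed.

    blocked  : name aliased to a loopback or unspecified address, so it cannot be reached
    redirect : name pinned to any other address; the file overrides DNS for that name
    """
    report = {"localhost": [], "blocked": [], "redirect": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:                       # first field is not an IP address
            report["malformed"].append((line_no, line))
            continue
        if len(fields) < 2:                      # address without any host name
            report["malformed"].append((line_no, line))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if sink and name in LOCAL_NAMES:
                kind = "localhost"
            elif sink:
                kind = "blocked"
            else:
                kind = "redirect"
            report[kind].append((line_no, name, str(addr)))
    return report


def suspicious_redirects(text):
    """Return the entries worth a manual look: names the file sends to a non-local address."""
    return audit_hosts(text)["redirect"]


if __name__ == "__main__":
    import sys
    # With a path argument the real file is audited, otherwise the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    result = audit_hosts(content)
    print(f"{len(result['blocked'])} blocked, {len(result['redirect'])} redirected")
    for line_no, name, addr in result["redirect"]:
        print(f"line {line_no}: {name} -> {addr}  (check whether you added this)")
```

A redirect entry is not malicious by itself (a name for a device on the home network looks the same), so the output is a list to review, not a verdict.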

Larusso 04.07.2010 12:59

Quote:

And why should a proxy server, where let's say the trail ends, give the relevant information to law enforcement authorities if it is located abroad, for example
Everything can be traced back. And no matter where the server is located, what applies is where you are located.

Quote:

I mean that distributing is forbidden, but downloading is not.
Where is the difference here? What is distributed can be downloaded. And using pirated copies is forbidden too

Quote:

With P2P that necessarily comes with it. If you use rapidshare, for example, this problem doesn't exist?
Try uploading an .mp3 file :rolleyes:

Quote:

Are those the redirects that also modify the browser address bar in such a way that a "normal, safe address" is displayed but it nevertheless leads to a phishing one?
Yes. However, I will not explain how that works. I hope you understand why ;)

Quote:

I would then have to check certificates of the connection key to make sure that I am on the real site
As far as I know, Firefox asks when a certificate is not seen as "known". That is when you should get suspicious at the latest.

Seppl21 04.07.2010 13:11

I am just in the process of setting up the MVP hosts file and have now found the instructions for the Windows 7 OS at "Here". Unfortunately my English reaches its limits here too, which is why I am asking you for help here as well. Do you perhaps have an instant messenger in which we could deal with this? Only if you want to, of course.

Regards

Seppl

P.S. I am not allowed to insert a link... it is a subpage of the site you gave me.

Larusso 04.07.2010 13:17

Download the file --> right-click --> extract all (or something like that) -->
After that a folder Hosts should appear; open it.

Right-click on mvps.bat --> choose "Run as administrator".

done

After that you can delete the folders again.

Seppl21 04.07.2010 13:19

It still says - press any key... and on the page, in English, there are these instructions and more x.x

Editing the HOSTS file

In the event you need to edit the HOSTS file and are unable (system message) it may be due to the "permissions" preventing you from editing the file.

* Right click the Hosts file and select > Properties
* Click the Security tab
* Highlight your user account in the list
* Press the Edit button
* Select (place a check in) Full control
* Press OK in the various dialogue boxes to confirm the changes.


SendTo Tip: if you add Notepad to your SendTo menu, then you can View/Edit the HOSTS file that way.

* Start > Run (type) shell:sendto (press Ok)
* File > New > Shortcut then click Browse and navigate to the Windows folder, highlight "notepad.exe"
* Name your shortcut: Notepad and Ok


You cannot modify the Hosts file or the Lmhosts file in Windows Vista and Windows 7 - though that probably explains your "done" then?

P.S. Why should everything be run as administrator? (I am logged in with an administrator account after all)
P.P.S. h t t p : / /w w w.m v p s. o r g / w i n h e l p 2 0 0 2 / h o s t s w in 7 . h t m << that's what I mean


Quote:

Quote from Larusso
Try uploading an .mp3 file

I did, and it can be downloaded conveniently.

Larusso 04.07.2010 13:45

Quote:

P.S. Why should everything be run as administrator?
Simplest explanation: that's how it is

Press any key = Drücke eine Taste

You have a 64-bit system. I just looked at the batch file.

In the HOSTS folder you have a file HOSTS

Save it on your desktop !!!

Start --> Run --> notepad (type it in)
Now copy the following text from the code box into the empty text document
Code:

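@echo off
rem SysNative is only visible to 32-bit processes on 64-bit Windows; otherwise use System32
set "etc=%windir%\SysNative\drivers\etc"
if not exist "%etc%" set "etc=%windir%\System32\drivers\etc"
cd /d "%etc%"
rem Clear the system/hidden/read-only attributes and keep the old file as a backup
attrib -s -h -r hosts
ren hosts hosts.bak
rem Copy the HOSTS file saved on the desktop into place
copy "%userprofile%\desktop\Hosts" "%etc%\hosts"
rem Delete this batch file once it has run
del %0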

Save this as file.bat on your desktop.
For the file type, choose All files.
Double-click file.bat.
Vista users: right-click and "Run as administrator"

Report whether it worked


You can find admins in the list of forum staff.

Seppl21 04.07.2010 14:45

What is supposed to have worked? (the file vanished into thin air)
And where do I find the forum staff?

Larusso 04.07.2010 14:48

No error message? Good, then that should have been it.

Too lazy to find something yourself for once?
http://www.trojaner-board.de/showgroups.php

Seppl21 04.07.2010 15:02

And what has happened now?
I just didn't find the list -sighs-

but thanks!

Larusso 04.07.2010 15:06

Quote:

And what has happened now?
The hosts file was replaced. Any other questions?

Seppl21 04.07.2010 15:30

No, the thread can be closed - I will notify the administrator on the side. Many thanks for your self-sacrificing help.

Regards, Seppl

Quote:

Quote from Seppl21
P.S. I am currently set up in a chat, via a tick in a checkbox, with a fixed password, which of course is no longer correct now and is generated automatically. How do I manage to delete the password so that it is no longer generated? So far nobody in the chat has been able to help me with that. If the tick in the checkbox is removed, it is still generated when the page is reloaded..

That is still outstanding.

Regards

Seppl

Larusso 05.07.2010 17:14

Quote:

P.S. I am currently set up in a chat, via a tick in a checkbox, with a fixed password, which of course is no longer correct now and is generated automatically. How do I manage to delete the password so that it is no longer generated?
No idea.

Seppl21 08.07.2010 07:44

I asked an admin here to delete and have been waiting for a reply for 5 days. Is there something like a complaints procedure here? I only want the contents of my PC deleted...

Regards

Seppl

Breedfight 08.07.2010 09:46

You can delete the password with ccleaner under the item:
delete form data (for all browsers) and delete internet cache.

If you are on msn, you can remove your password simply by clicking on delete login information

Seppl21 08.07.2010 12:12

Thanks for the information. And no, I don't mean the password but the logs that I posted here.


Regards

Seppl

Larusso 08.07.2010 14:31

Complaints procedure?

You want to complain somewhere because we helped YOU HERE FOR FREE !!????!!!!??? :koch:

You do realize that keeping a forum running costs those responsible quite a bit of money?
I would be in favor of charging something anyway. Not for my time, but for the upkeep.


Do you know what malware support is based on? Information, and I get information from logfiles.
If everyone had their logfiles deleted, we would all have a huge problem here, or rather you would.

And yes, admins too have better things to do than edit your logfiles here. That is the last item on a to-do list.

I really wonder how ungrateful people can be.

This topic appears to be done and will be deleted from my subscriptions.

/me is pretty angry

Everyone else, please start your own thread.


All times are in WET +1.
