Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner und jetzt?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.07.2012, 02:19   #1
HaraldHH
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



Hallo zusammen,

jetzt hat es mich auch erwischt. Die Webseite von der "GVU" mit der Zahlungsaufforderung habe ich erhalten. Der Taskmanager spricht nicht mehr
an. Ich habe mit abgesicherten Modus gestartet und es geschafft, den McAfee-Scan zu starten. Der vollständig Scan hat folgende Meldung gebracht:
Viren/Trojaner und Cokkies isoliert. Generic Exploit!pzm GE39c72b-39b899223 C:\Users\Home2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6e39c72b-39b89923 wurd isoliert.
Leider hat diese Maßmahme nicht den erhofften Erfolg gebracht.
Anschließend habe ich mehrfach das Sytem mit und ohne F8 gestartet und auch tatsächlich geschafft, dasSystem aufrecht zu erhalten. So konnte ich OLT + Anti-Malware laufen lassen.
Systen: Windows 7, 64 Bit, Anitivirs: McAfee

Nachfolgend die Malwareergebnisse:
Spyware.Zbot.DG File
Spyware.Zbot.DG Memory Module

Code:
ATTFilter
OTL logfile created on: 06.07.2012 22:48:13 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Home2\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,11 Gb Available Physical Memory | 68,58% Memory free
11,98 Gb Paging File | 9,37 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,85 Gb Free Space | 92,92% Space Free | Partition Type: NTFS
Drive D: | 200,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 465,76 Gb Total Space | 81,64 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Home2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Nuance\PDF Create! 6\PdfCreate6Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll ()
MOD - c:\Programme\McAfee\MSK\mskapbho.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
MOD - C:\Windows\SysWOW64\HLINKPRX.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (RoxLiveShare) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Program Files (x86)\Roxio\Digital Home 8\RoxUpnpServer.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DFUBTUSB) -- C:\Windows\SysNative\drivers\frmupgr.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C}
IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 10:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.30 19:25:25 | 000,000,000 | ---D | M]
 
[2010.03.15 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Extensions
[2012.04.12 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions
[2011.06.19 18:01:22 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2012.02.10 13:44:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ffxtlbr@babylon.com
[2011.06.25 23:10:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\firebug@software.joehewitt.com
[2011.01.29 15:41:31 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ietab@ip.cn
[2012.02.10 13:32:34 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\plugin@yontoo.com
[2012.06.30 19:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.03.01 13:16:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Home2\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120626234901.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701162754.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nuance PDF Create! 6-reminder] C:\Program Files (x86)\Nuance\PDF Create! 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create! 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files (x86)\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" File not found
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dyndns.org ([sanktpetri] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AFDC60-62B8-4548-82F2-72B1ED4E05B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFFDD980-D70A-4713-A74F-9AB14F97CAA6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.30 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Local\Macromedia
[2012.06.25 18:41:04 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.06.24 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\HMSP2013
[2012.06.23 12:17:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.23 12:17:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.23 12:17:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.23 12:16:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.23 12:16:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.23 12:16:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.23 12:16:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.23 12:16:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.14 00:29:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 00:29:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 00:29:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 00:29:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 00:29:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 00:29:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 00:29:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 00:29:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 00:29:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 00:29:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 00:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 00:29:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 00:29:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 18:17:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 18:17:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 18:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 18:17:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 18:17:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 18:17:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 18:16:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 18:16:36 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 18:16:31 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 15:41:55 | 000,000,000 | ---D | C] -- C:\Buch
[2012.06.08 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\Access2010_BHV
[2010.01.05 18:12:58 | 008,656,832 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Home2\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.06 22:56:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad

[2012.07.06 22:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job
[2012.07.06 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.06 22:48:12 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 22:48:12 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 22:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.06 22:40:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.06 22:40:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.06 22:40:28 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.06 19:58:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.06 19:58:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.06 19:58:35 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job
[2012.07.04 18:28:36 | 004,378,624 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind3.accdb
[2012.07.03 18:32:11 | 001,800,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 18:32:11 | 000,770,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 18:32:11 | 000,711,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 18:32:11 | 000,178,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 18:32:11 | 000,144,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 19:25:34 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.30 18:55:00 | 000,002,405 | ---- | M] () -- C:\Users\Home2\Desktop\Google Chrome.lnk
[2012.06.30 15:57:35 | 004,304,896 | ---- | M] () -- C:\Users\Home2\Documents\Northwind 2007.accdb
[2012.06.30 15:56:27 | 002,752,512 | ---- | M] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb
[2012.06.30 15:54:52 | 004,161,536 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden-Webdatenbank.accdb
[2012.06.30 15:54:33 | 003,305,472 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden.accdb
[2012.06.30 14:39:23 | 000,925,696 | ---- | M] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:37:18 | 002,564,096 | ---- | M] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:36:39 | 001,642,496 | ---- | M] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:13:58 | 001,191,936 | ---- | M] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:10:29 | 004,403,200 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:09:08 | 000,001,804 | ---- | M] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.23 21:51:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.23 21:51:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb
[2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.16 18:48:26 | 000,212,992 | ---- | M] () -- C:\Users\Home2\Documents\OptTest.mdb
[2012.06.14 14:22:30 | 000,482,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:48:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.08 11:27:42 | 002,760,704 | ---- | M] () -- C:\Users\Home2\Documents\Database2.accdb
[2012.06.08 11:22:28 | 002,830,336 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden4.accdb
[3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.06 16:22:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 18:26:17 | 004,378,624 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind3.accdb
[2012.06.30 19:25:34 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.06.08 11:23:40 | 002,760,704 | ---- | C] () -- C:\Users\Home2\Documents\Database2.accdb
[2012.06.08 11:22:47 | 002,752,512 | ---- | C] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb
[2012.06.08 11:21:29 | 002,830,336 | ---- | C] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden4.accdb
[2012.04.18 23:07:46 | 000,003,584 | ---- | C] () -- C:\Users\Home2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.19 14:21:58 | 000,008,192 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\DMX.bmk
[2011.11.19 14:20:03 | 000,000,093 | ---- | C] () -- C:\Users\Home2\AppData\Local\fusioncache.dat
[2011.10.21 18:16:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Wrkgadm.exe
[2011.01.13 17:13:23 | 000,009,097 | ---- | C] () -- C:\Windows\DirPrintOK.ini
[2010.10.20 11:44:08 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2010.10.20 11:44:08 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2010.09.15 11:49:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.21 14:59:46 | 000,002,585 | ---- | C] () -- C:\Windows\Uileitz.INI
[2010.08.21 13:35:33 | 000,000,302 | ---- | C] () -- C:\Windows\lpp32.ini
[2010.08.21 13:25:13 | 000,000,051 | ---- | C] () -- C:\Windows\NetEasyPrint_Server_Demo.ini
[2010.08.21 13:25:10 | 000,058,910 | ---- | C] () -- C:\Windows\uinst32etzsd.ini
[2010.08.21 13:25:02 | 000,000,030 | ---- | C] () -- C:\Windows\m_s.ini
[2010.08.12 22:14:11 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.06 00:06:06 | 000,007,666 | ---- | C] () -- C:\Users\Home2\AppData\Local\Resmon.ResmonCfg
[2010.03.24 12:29:32 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.15 23:06:41 | 000,000,760 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\setup_ldm.iss
 
========== LOP Check ==========
 
[2011.05.18 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\0126897F-D2F4-4FFA-BCDE-A9183300CB3D
[2011.01.27 13:09:47 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\67ED2350-3659-4781-8F9E-EC74F2D6811F
[2011.09.25 10:49:21 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\938AE64A-0A39-4E80-A227-70A147B42D15
[2010.09.18 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\AC9AC5A4-6092-4A4A-8831-837180105E05
[2011.09.25 11:00:16 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Acronis
[2011.11.10 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\AquaSoft
[2010.06.03 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Avery
[2010.08.13 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\CAD-KAS
[2012.01.28 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Canon
[2010.10.31 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Duden
[2012.02.10 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\IrfanView
[2010.03.12 19:25:35 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\klickTel
[2010.01.15 23:06:47 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Leadertech
[2012.02.24 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\LogoMaker
[2010.06.29 08:19:10 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Nuance
[2011.01.31 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Opera
[2010.05.30 16:59:55 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\PixelPlanet
[2010.10.20 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\ProtectDisc
[2010.07.16 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Sigel
[2012.05.31 14:13:43 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\SmartTools
[2010.03.25 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Home2\AppData\Roaming\Zeon
[2012.06.26 21:16:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 07.07.2012 00:28:26 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Home2\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,21 Gb Available Physical Memory | 70,24% Memory free
11,98 Gb Paging File | 9,10 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,83 Gb Free Space | 92,92% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 81,64 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E7FFFF-727F-4BFA-8B15-4C26CC8F1F8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{08496CAE-732A-4CAA-A691-866B52C293A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0EA52B19-2726-4B75-B653-D436B5ED08ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27500981-4395-4BF8-9E90-952F7324C059}" = lport=445 | protocol=6 | dir=in | app=system | 
"{29A2ADF8-CD71-4FD7-8DE9-8F4C0A5E2ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3270D079-E467-4620-9D07-D43C7FB87299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E0830F9-AD53-4A6B-AF53-0AE41DE0C876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5ACEC3C6-DAF4-4234-883F-C1C394FEC0C8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C953E1D-09B5-4704-8C3B-2FF4A75F85FD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8491CF4E-8392-4125-BDFB-B480109BB374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8B6021CB-FC82-40D8-889F-F2D0AC277750}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95A918D2-537C-410E-9219-0DD90D2EDC75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{9737F082-F2CE-4651-A84D-346D954FFF42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EEAD624-F5FB-46AF-BCD5-F3121A61713D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5207D60-30E5-4EB6-84A0-C15947ACCBAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BB3C72DF-7CEA-4B5F-B911-8DBFBADCF21D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BC914EA2-DE50-4C49-8C17-AA5CA3C2EE19}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C2944231-CCCB-4143-862C-745F0401E9D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C2BCD2BF-D30B-4A39-8368-E4239CFB227D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA9F267E-20C7-4284-95CC-45121A57A6EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D16A9DFC-F0A8-468E-9AF7-D0495ED2D9DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DA3615C0-7A5A-4FA6-ABE6-F3E40A533748}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DACBA6BB-EFF8-4B7D-83F4-7EB5BD54CB57}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EA91099A-555E-421D-B4CF-303BFF5DF77B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F1ADBA44-3595-4190-B683-324E5E61931A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7989AED-6CA6-4110-9635-F112CCA300C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FEC70EA4-F29B-4924-99B7-E57859E4BEC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A15342-742E-4B20-A1DB-D01241C815F2}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{0EC4EFFF-7AF7-4038-A9C2-F6D238E9437F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0FBAC44C-3F72-4913-85E6-9A39DB30DFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe | 
"{17C35E02-FF5F-4887-A435-364F4F8B56C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E9360B9-E6FB-4ABC-9924-7065409FB5D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21EBA9E1-52F2-4494-831A-02C24B560135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{23F29A2D-79C9-40F8-BF41-6A2B8D853ADF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{23F6AA5E-A0E6-46CB-8D6F-4E6911548A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{27FE0DC4-1E19-4D20-9EA9-D509F64509FD}" = protocol=6 | dir=out | app=system | 
"{30DAB7CF-DC65-46EF-839F-B8D10BE1390E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{31E2492F-A5F8-4258-9892-65314B113E34}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{331F90C1-9704-43BC-9177-0EA3C855F456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3749C3EE-F20D-4C9F-AE91-34530E9A45EB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{405A49D2-5603-4E8C-A5C7-B06F69B413A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{41D8664A-8545-411A-A4E4-603C5C267F71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{429BE60A-347F-45BA-B750-72FD8ABA6A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe | 
"{498E14AB-D9E0-43BD-B2A7-65F3A568B0DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A26878C-2DAE-49DC-A2BF-52A277F043E9}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{4F401F38-A2AB-4345-B3DD-0B33214DD3C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{517B0BAB-7371-4225-B58F-9242C990981E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54165524-05E6-403E-BF40-C8CB59C86B32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54EE6E2E-032D-4EA8-AE38-67FF7D19B3CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5599FDCD-C045-4B11-89EE-BD12ACBEE4CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{595FC0BB-5F03-4CE5-A68E-36C6219084E9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{671A2183-8029-4A48-9CAF-FF042FFFF11B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AB7CC49-7480-42C4-BEFF-FAE7C6211B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75A232A5-C4F9-45AB-832E-A8A84E63DE43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7F44DEF8-953C-466F-B24F-94DDE3C4B93A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{81F02F20-8F76-4B90-A490-F09F0B55922B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90903269-1931-4CD9-B129-1AB6AA2D8EC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{945845C6-6FA3-4C95-99A7-6E472DBB6043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{94C4570B-E6D7-4ADA-832C-720A217ACF5F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B5A7DD1C-ED4A-44A4-B738-FB17070BDD99}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{B73E351A-4DB5-4FA9-A44C-5A77C9933E62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B81A2694-EB74-4A7A-BF5C-A978E5D4EF73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C09D74ED-9DB4-4A76-AE98-54F3C5FD992E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{C25AB976-782A-4C88-81E6-C4AD172F8048}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D5EC8AB9-8601-4F4B-8B09-DB9392D11643}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF08BB4F-15A1-4557-87A8-775A6B6D9ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{F0A8A588-8999-43A9-ACFE-90CA46541B1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBB1FF65-359D-401B-8619-3AF193D8F8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9035EEAC-E957-467C-89F7-90C48AA26331}" = Nuance PDF Create! 6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F0E3D5-D6C8-4997-BB42-7F5784C8586B}" = Roxio Creator 8.2 XE
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}" = Duden Korrektor PLUS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{660B9447-5F6A-463E-B2D5-F2EEF9C3EE15}" = Microsoft Access 2010 Interactive Guide DEU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4C0D1E-40F9-48DF-A8ED-AC7E60A5DDCA}" = StarMoney 7.0 
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FD66E9A0-54C8-4F01-B5C7-9EF9716541AE}" = StarMoney 8.0 
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced PDF-to-Word 1.0" = Advanced PDF-to-Word 1.0
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"AudioCS" = Creative Audio-Systemsteuerung
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BabylonToolbar" = Babylon toolbar on IE
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DirPrintOK" = DirPrintOK
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Elf_1 Toolbar" = Elf 1 Toolbar
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"GPL Ghostscript 9.05" = GPL Ghostscript
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"LogoMaker_is1" = LogoMaker 4.0
"Microsoft Access 2002 VBA SFS-Übungsdateien" = Microsoft Access 2002 VBA SFS-Übungsdateien
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"SmartToolsBooklet-Assistentv3.00" = SmartTools Publishing • Word Booklet-Assistent
"SmartToolsClassic Menü 2010, 2007v1.50" = SmartTools Publishing • Word Classic Menü 2010, 2007
"SmartToolsGlobale Suchev1.50" = SmartTools Publishing • Access Globale Suche
"SmartToolsJahresplanv2.00" = SmartTools Publishing • Excel Jahresplan
"SmartToolsSecurity Managerv1.00" = SmartTools Publishing • Access Security Manager
"SmartToolsSerienmailerv2.02" = SmartTools Publishing • Word Serienmailer
"SmartToolsZahl in Wortenv2.50" = SmartTools Publishing • Access Zahl in Worten
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TSPCzwei" = TSPCzwei
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Access Berater Suchen-AddIn" = Access Berater Suchen-AddIn
"Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)" = Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)
"Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)" = Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 11:58:39 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: YontooIEClient.dll, Version:
 1.10.1.0, Zeitstempel: 0x4ee16049  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001e37b
ID
 des fehlerhaften Prozesses: 0x1b74  Startzeit der fehlerhaften Anwendung: 0x01cd5934b40cb8ca
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Yontoo\YontooIEClient.dll  Berichtskennung:
 f3c9b527-c527-11e1-994f-002564e9a1b5
 
Error - 03.07.2012 13:59:56 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 03.07.2012 14:01:59 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.07.2012 03:31:34 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 04.07.2012 03:36:32 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 05.07.2012 03:43:16 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x77b31264  ID des fehlerhaften
 Prozesses: 0x1ad0  Startzeit der fehlerhaften Anwendung: 0x01cd5a81d4f0c6b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 14694962-c675-11e1-9cc9-002564e9a1b5
 
Error - 05.07.2012 07:24:43 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 05.07.2012 07:29:10 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 06.07.2012 05:50:43 | Computer Name = Home2-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 06.07.2012 05:57:18 | Computer Name = Home2-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x74ede2d4  ID des fehlerhaften
 Prozesses: 0x4bc  Startzeit der fehlerhaften Anwendung: 0x01cd5b5db93d03ba  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: f811df3e-c750-11e1-9129-002564e9a1b5
 
[ Broadcom Wireless LAN Events ]
Error - 28.04.2012 03:12:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:48, Sat, Apr 28, 12 Error - Unable to gain access to user store

 
Error - 30.04.2012 12:09:29 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 18:09:27, Mon, Apr 30, 12 Error - Unable to gain access to user store

 
Error - 01.05.2012 02:41:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:41:05, Tue, May 01, 12 Error - Unable to gain access to user store

 
Error - 09.06.2012 07:34:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 13:34:05, Sat, Jun 09, 12 Error - Unable to gain access to user store

 
Error - 12.06.2012 02:34:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:34:48, Tue, Jun 12, 12 Error - Unable to gain access to user store

 
[ Media Center Events ]
Error - 02.01.2012 08:11:45 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 08:11:49 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:48 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:50 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:51 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:55 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:10 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:11 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:12 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:14 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:13 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 06.07.2012 15:39:11 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.07.2012 15:40:03 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.07.2012 15:40:38 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.07.2012 15:41:09 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.07.2012 15:44:06 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.07.2012 15:47:01 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.07.2012 16:19:01 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.07.2012 16:40:43 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 06.07.2012 16:41:08 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 06.07.2012 16:41:08 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
Ich bin nun nicht der Systemspezialist und möchte daher nicht Dinge tun, die sich im nachhinein als falsch herausstellen.
Deshalb bin ich sehr dankbar, wenn ich hier Hilfe erfahren könnte.

Vielen Dank und Grüße
Harald

Alt 09.07.2012, 10:12   #2
kira
/// Helfer-Team
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware von hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Hast Du OTL falsch installiert:
OTL muss auf dem Desktop gespechert werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:
-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Nach installation in der Log-Datei soll etwa so aussehen:
Zitat:
Folder = C:\Users\***\Desktop
3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)
Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 09.07.2012, 17:04   #3
HaraldHH
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



Hallo Kira,
vielen Dank für Deine Unterstützung.
Hier die gewünschten Reports:

1. Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Home2 :: HOME2-PC [Administrator]

Schutz: Aktiviert

09.07.2012 11:29:20
mbam-log-2012-07-09 (11-29-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571601
Laufzeit: 2 Stunde(n), 47 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Home2\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Home2\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart.

(Ende)
         
2. OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.07.2012 15:01:43 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Home2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 51,17% Memory free
11,98 Gb Paging File | 7,88 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,48 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 81,65 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Home2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Nuance\PDF Create! 6\PdfCreate6Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office14\OUTLCTL.DLL ()
MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll ()
MOD - c:\Programme\McAfee\MSK\mskapbho.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Excel.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Access.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Word.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Outlook.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.PowerPoint.dll ()
MOD - C:\Program Files (x86)\Duden\Duden Korrektor\Interop.FrontPage.dll ()
MOD - C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (RoxLiveShare) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (Sonic Solutions)
SRV - (RoxMediaDB) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe (Sonic Solutions)
SRV - (RoxWatch) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (Sonic Solutions)
SRV - (RoxUPnPRenderer) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (Sonic Solutions)
SRV - (RoxUpnpServer) -- C:\Program Files (x86)\Roxio\Digital Home 8\RoxUpnpServer.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DFUBTUSB) -- C:\Windows\SysNative\drivers\frmupgr.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C}
IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 10:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.30 19:25:25 | 000,000,000 | ---D | M]
 
[2010.03.15 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Extensions
[2012.04.12 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions
[2011.06.19 18:01:22 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2012.02.10 13:44:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ffxtlbr@babylon.com
[2011.06.25 23:10:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\firebug@software.joehewitt.com
[2011.01.29 15:41:31 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\ietab@ip.cn
[2012.02.10 13:32:34 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Home2\AppData\Roaming\mozilla\Firefox\Profiles\hsp7vlg4.default\extensions\plugin@yontoo.com
[2012.06.30 19:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.03.01 13:16:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Home2\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home2\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
CHR - Extension: Yontoo = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Home2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120626234901.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701162754.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nuance PDF Create! 6-reminder] C:\Program Files (x86)\Nuance\PDF Create! 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create! 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [PixelPlanet PdfPrinter-Monitor] "C:\Program Files (x86)\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe" File not found
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-3DNVB.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch Frühjahr 2010\kstart32.EXE (telegate MEDIA AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dyndns.org ([sanktpetri] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AFDC60-62B8-4548-82F2-72B1ED4E05B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFFDD980-D70A-4713-A74F-9AB14F97CAA6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 14:51:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Home2\Desktop\OTL.exe
[2012.07.09 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\Scan
[2012.07.09 11:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.07.07 01:27:06 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Roaming\Malwarebytes
[2012.07.07 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 01:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 01:26:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.07 01:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.30 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.30 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\Home2\AppData\Local\Macromedia
[2012.06.25 18:41:04 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.06.24 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Home2\Documents\HMSP2013
[2012.06.23 12:17:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.23 12:17:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.23 12:17:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.23 12:16:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.23 12:16:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.23 12:16:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.23 12:16:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.23 12:16:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.14 00:29:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 00:29:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 00:29:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 00:29:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 00:29:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 00:29:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 00:29:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 00:29:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 00:29:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 00:29:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 00:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 00:29:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 00:29:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 18:17:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 18:17:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 18:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 18:17:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 18:17:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 18:17:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 18:16:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 18:16:36 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 18:16:31 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 15:41:55 | 000,000,000 | ---D | C] -- C:\Buch
[2010.01.05 18:12:58 | 008,656,832 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Home2\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 15:52:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 15:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job
[2012.07.09 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 15:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 14:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Home2\Desktop\OTL.exe
[2012.07.09 11:26:30 | 000,000,509 | ---- | M] () -- C:\Windows\is-3DNVB.lst
[2012.07.09 11:26:29 | 000,711,240 | ---- | M] () -- C:\Windows\is-3DNVB.exe
[2012.07.09 11:26:29 | 000,012,782 | ---- | M] () -- C:\Windows\is-3DNVB.msg
[2012.07.09 11:26:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.09 11:24:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 11:24:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 11:14:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.09 11:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 11:14:22 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 11:54:02 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.07 11:54:02 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.07 11:54:02 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job
[2012.07.04 18:28:36 | 004,378,624 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind3.accdb
[2012.07.03 18:32:11 | 001,800,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 18:32:11 | 000,770,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 18:32:11 | 000,711,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 18:32:11 | 000,178,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 18:32:11 | 000,144,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 19:25:34 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.30 18:55:00 | 000,002,405 | ---- | M] () -- C:\Users\Home2\Desktop\Google Chrome.lnk
[2012.06.30 15:57:35 | 004,304,896 | ---- | M] () -- C:\Users\Home2\Documents\Northwind 2007.accdb
[2012.06.30 15:56:27 | 002,752,512 | ---- | M] () -- C:\Users\Home2\Documents\Marketingprojekte.accdb
[2012.06.30 15:54:52 | 004,161,536 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden-Webdatenbank.accdb
[2012.06.30 15:54:33 | 003,305,472 | ---- | M] () -- C:\Users\Home2\Documents\Gemeinnützige Spenden.accdb
[2012.06.30 14:39:23 | 000,925,696 | ---- | M] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:37:18 | 002,564,096 | ---- | M] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:36:39 | 001,642,496 | ---- | M] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:13:58 | 001,191,936 | ---- | M] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:10:29 | 004,403,200 | ---- | M] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:09:08 | 000,001,804 | ---- | M] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.23 21:51:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.23 21:51:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb
[2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.16 18:48:26 | 000,212,992 | ---- | M] () -- C:\Users\Home2\Documents\OptTest.mdb
[2012.06.14 14:22:30 | 000,482,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:48:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[3 C:\Users\Home2\Documents\*.tmp files -> C:\Users\Home2\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 11:26:30 | 000,000,509 | ---- | C] () -- C:\Windows\is-3DNVB.lst
[2012.07.09 11:26:29 | 000,711,240 | ---- | C] () -- C:\Windows\is-3DNVB.exe
[2012.07.09 11:26:29 | 000,012,782 | ---- | C] () -- C:\Windows\is-3DNVB.msg
[2012.07.07 01:26:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 16:22:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 18:26:17 | 004,378,624 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind3.accdb
[2012.06.30 19:25:34 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.04.18 23:07:46 | 000,003,584 | ---- | C] () -- C:\Users\Home2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.19 14:21:58 | 000,008,192 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\DMX.bmk
[2011.11.19 14:20:03 | 000,000,093 | ---- | C] () -- C:\Users\Home2\AppData\Local\fusioncache.dat
[2011.10.21 18:16:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Wrkgadm.exe
[2011.01.13 17:13:23 | 000,009,097 | ---- | C] () -- C:\Windows\DirPrintOK.ini
[2010.10.20 11:44:08 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2010.10.20 11:44:08 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2010.09.15 11:49:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.21 14:59:46 | 000,002,585 | ---- | C] () -- C:\Windows\Uileitz.INI
[2010.08.21 13:35:33 | 000,000,302 | ---- | C] () -- C:\Windows\lpp32.ini
[2010.08.21 13:25:13 | 000,000,051 | ---- | C] () -- C:\Windows\NetEasyPrint_Server_Demo.ini
[2010.08.21 13:25:10 | 000,058,910 | ---- | C] () -- C:\Windows\uinst32etzsd.ini
[2010.08.21 13:25:02 | 000,000,030 | ---- | C] () -- C:\Windows\m_s.ini
[2010.08.12 22:14:11 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.06 00:06:06 | 000,007,666 | ---- | C] () -- C:\Users\Home2\AppData\Local\Resmon.ResmonCfg
[2010.03.24 12:29:32 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.15 23:06:41 | 000,000,760 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\setup_ldm.iss
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Scan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8

< End of report >
         
--- --- ---


3. Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.07.2012 15:01:43 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Home2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 51,17% Memory free
11,98 Gb Paging File | 7,88 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,07 Gb Total Space | 1288,48 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 81,65 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: HOME2-PC | User Name: Home2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E7FFFF-727F-4BFA-8B15-4C26CC8F1F8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{08496CAE-732A-4CAA-A691-866B52C293A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0EA52B19-2726-4B75-B653-D436B5ED08ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27500981-4395-4BF8-9E90-952F7324C059}" = lport=445 | protocol=6 | dir=in | app=system | 
"{29A2ADF8-CD71-4FD7-8DE9-8F4C0A5E2ABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3270D079-E467-4620-9D07-D43C7FB87299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E0830F9-AD53-4A6B-AF53-0AE41DE0C876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5ACEC3C6-DAF4-4234-883F-C1C394FEC0C8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C953E1D-09B5-4704-8C3B-2FF4A75F85FD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8491CF4E-8392-4125-BDFB-B480109BB374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8B6021CB-FC82-40D8-889F-F2D0AC277750}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95A918D2-537C-410E-9219-0DD90D2EDC75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{9737F082-F2CE-4651-A84D-346D954FFF42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EEAD624-F5FB-46AF-BCD5-F3121A61713D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5207D60-30E5-4EB6-84A0-C15947ACCBAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BB3C72DF-7CEA-4B5F-B911-8DBFBADCF21D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BC914EA2-DE50-4C49-8C17-AA5CA3C2EE19}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C2944231-CCCB-4143-862C-745F0401E9D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C2BCD2BF-D30B-4A39-8368-E4239CFB227D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA9F267E-20C7-4284-95CC-45121A57A6EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D16A9DFC-F0A8-468E-9AF7-D0495ED2D9DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DA3615C0-7A5A-4FA6-ABE6-F3E40A533748}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DACBA6BB-EFF8-4B7D-83F4-7EB5BD54CB57}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EA91099A-555E-421D-B4CF-303BFF5DF77B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F1ADBA44-3595-4190-B683-324E5E61931A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7989AED-6CA6-4110-9635-F112CCA300C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FEC70EA4-F29B-4924-99B7-E57859E4BEC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A15342-742E-4B20-A1DB-D01241C815F2}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{0EC4EFFF-7AF7-4038-A9C2-F6D238E9437F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0FBAC44C-3F72-4913-85E6-9A39DB30DFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe | 
"{17C35E02-FF5F-4887-A435-364F4F8B56C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E9360B9-E6FB-4ABC-9924-7065409FB5D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21EBA9E1-52F2-4494-831A-02C24B560135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{23F29A2D-79C9-40F8-BF41-6A2B8D853ADF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{23F6AA5E-A0E6-46CB-8D6F-4E6911548A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{27FE0DC4-1E19-4D20-9EA9-D509F64509FD}" = protocol=6 | dir=out | app=system | 
"{30DAB7CF-DC65-46EF-839F-B8D10BE1390E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{31E2492F-A5F8-4258-9892-65314B113E34}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{331F90C1-9704-43BC-9177-0EA3C855F456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3749C3EE-F20D-4C9F-AE91-34530E9A45EB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{405A49D2-5603-4E8C-A5C7-B06F69B413A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{41D8664A-8545-411A-A4E4-603C5C267F71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{429BE60A-347F-45BA-B750-72FD8ABA6A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 8\roxupnpserver.exe | 
"{498E14AB-D9E0-43BD-B2A7-65F3A568B0DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A26878C-2DAE-49DC-A2BF-52A277F043E9}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{4F401F38-A2AB-4345-B3DD-0B33214DD3C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{517B0BAB-7371-4225-B58F-9242C990981E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54165524-05E6-403E-BF40-C8CB59C86B32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54EE6E2E-032D-4EA8-AE38-67FF7D19B3CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5599FDCD-C045-4B11-89EE-BD12ACBEE4CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{595FC0BB-5F03-4CE5-A68E-36C6219084E9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{671A2183-8029-4A48-9CAF-FF042FFFF11B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AB7CC49-7480-42C4-BEFF-FAE7C6211B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75A232A5-C4F9-45AB-832E-A8A84E63DE43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7F44DEF8-953C-466F-B24F-94DDE3C4B93A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{81F02F20-8F76-4B90-A490-F09F0B55922B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90903269-1931-4CD9-B129-1AB6AA2D8EC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{945845C6-6FA3-4C95-99A7-6E472DBB6043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{94C4570B-E6D7-4ADA-832C-720A217ACF5F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B5A7DD1C-ED4A-44A4-B738-FB17070BDD99}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{B73E351A-4DB5-4FA9-A44C-5A77C9933E62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B81A2694-EB74-4A7A-BF5C-A978E5D4EF73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C09D74ED-9DB4-4A76-AE98-54F3C5FD992E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{C25AB976-782A-4C88-81E6-C4AD172F8048}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D5EC8AB9-8601-4F4B-8B09-DB9392D11643}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF08BB4F-15A1-4557-87A8-775A6B6D9ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{F0A8A588-8999-43A9-ACFE-90CA46541B1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBB1FF65-359D-401B-8619-3AF193D8F8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9035EEAC-E957-467C-89F7-90C48AA26331}" = Nuance PDF Create! 6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F0E3D5-D6C8-4997-BB42-7F5784C8586B}" = Roxio Creator 8.2 XE
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}" = Duden Korrektor PLUS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{660B9447-5F6A-463E-B2D5-F2EEF9C3EE15}" = Microsoft Access 2010 Interactive Guide DEU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4C0D1E-40F9-48DF-A8ED-AC7E60A5DDCA}" = StarMoney 7.0 
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FD66E9A0-54C8-4F01-B5C7-9EF9716541AE}" = StarMoney 8.0 
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced PDF-to-Word 1.0" = Advanced PDF-to-Word 1.0
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"AudioCS" = Creative Audio-Systemsteuerung
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BabylonToolbar" = Babylon toolbar on IE
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DirPrintOK" = DirPrintOK
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Elf_1 Toolbar" = Elf 1 Toolbar
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"GPL Ghostscript 9.05" = GPL Ghostscript
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"LogoMaker_is1" = LogoMaker 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft Access 2002 VBA SFS-Übungsdateien" = Microsoft Access 2002 VBA SFS-Übungsdateien
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"SmartToolsBooklet-Assistentv3.00" = SmartTools Publishing • Word Booklet-Assistent
"SmartToolsClassic Menü 2010, 2007v1.50" = SmartTools Publishing • Word Classic Menü 2010, 2007
"SmartToolsGlobale Suchev1.50" = SmartTools Publishing • Access Globale Suche
"SmartToolsJahresplanv2.00" = SmartTools Publishing • Excel Jahresplan
"SmartToolsSecurity Managerv1.00" = SmartTools Publishing • Access Security Manager
"SmartToolsSerienmailerv2.02" = SmartTools Publishing • Word Serienmailer
"SmartToolsZahl in Wortenv2.50" = SmartTools Publishing • Access Zahl in Worten
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TSPCzwei" = TSPCzwei
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Access Berater Suchen-AddIn" = Access Berater Suchen-AddIn
"Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)" = Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)
"Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)" = Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x8007043c).
 
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
 
Error - 07.07.2012 05:55:48 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x8007043c).
 
Error - 07.07.2012 05:56:03 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 07.07.2012 06:03:24 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
 
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x8007043c).
 
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.
 
Error - 07.07.2012 06:03:58 | Computer Name = Home2-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x8007043c).
 
Error - 07.07.2012 06:04:01 | Computer Name = Home2-PC | Source = System Restore | ID = 8193
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 28.04.2012 03:12:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:48, Sat, Apr 28, 12 Error - Unable to gain access to user store

 
Error - 30.04.2012 12:09:29 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 18:09:27, Mon, Apr 30, 12 Error - Unable to gain access to user store

 
Error - 01.05.2012 02:41:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:41:05, Tue, May 01, 12 Error - Unable to gain access to user store

 
Error - 09.06.2012 07:34:05 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 13:34:05, Sat, Jun 09, 12 Error - Unable to gain access to user store

 
Error - 12.06.2012 02:34:52 | Computer Name = Home2-PC | Source = WLAN-Tray | ID = 0
Description = 08:34:48, Tue, Jun 12, 12 Error - Unable to gain access to user store

 
[ Media Center Events ]
Error - 02.01.2012 08:11:45 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 08:11:49 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 13:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:48 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:50 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:51 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 14:18:55 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 19:18:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:10 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:11 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:12 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 02.01.2012 15:22:14 | Computer Name = Home2-PC | Source = MCUpdate | ID = 0
Description = 20:22:13 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 05:55:30 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 05:55:56 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 05:56:03 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.07.2012 05:59:14 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.07.2012 06:02:05 | Computer Name = Home2-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.07.2012 05:14:39 | Computer Name = Home2-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 09.07.2012 05:14:54 | Computer Name = Home2-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---


4. CCleaner Bericht
Code:
ATTFilter
Access Berater Suchen-AddIn	SmartTools Publishing	14.04.2010		
Access_aktuell · Beispieldatenbank 'Mehrfachauswahl' (FFC)	SmartTools Publishing	08.08.2010		
Access_aktuell · Beispieldatenbank 'Word Office Automation' (FCB)	SmartTools Publishing	03.05.2012		
Acronis True Image Home 2011	Acronis	25.09.2011	284MB	14.0.6868
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	13.06.2012	6,00MB	11.3.300.257
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	23.06.2012	6,00MB	11.3.300.262
Adobe Photoshop Elements 8.0	Adobe Systems Incorporated	18.09.2010	1,54GB	8.0
Adobe Reader 9.5.1 - Deutsch	Adobe Systems Incorporated	14.04.2012	118MB	9.5.1
Advanced PDF-to-Word 1.0		16.08.2010		
Apple Application Support	Apple Inc.	27.05.2012	60,9MB	2.1.7
Apple Software Update	Apple Inc.	08.07.2011	2,38MB	2.1.3.127
AquaSoft DiaShow 7 Premium	AquaSoft	10.11.2011		7.6.11
ArcSoft PhotoStudio 5.5	ArcSoft	10.01.2010		
AVM FRITZ!Box Dokumentation	AVM Berlin	27.12.2009		
AVM FRITZ!Box Druckeranschluss	AVM Berlin	27.12.2009		
Babylon toolbar on IE		10.02.2012		
Bing Bar	Microsoft Corporation	29.12.2011	26,8MB	7.0.850.0
Canon MP Navigator EX 2.0		10.01.2010		
Canon Utilities Solution Menu		10.01.2010		
CanoScan LiDE 200 Scanner Driver		10.01.2010		
CCleaner	Piriform	22.06.2012		3.20
Cisco EAP-FAST Module	Cisco Systems, Inc.	14.12.2009	1,55MB	2.2.14
Cisco LEAP Module	Cisco Systems, Inc.	14.12.2009	644KB	1.0.19
Cisco PEAP Module	Cisco Systems, Inc.	14.12.2009	1,23MB	1.1.6
Conduit Engine	Conduit Ltd.	13.01.2011		
Creative Audio-Systemsteuerung	Creative Technology Limited	29.12.2011		3.00
Creative Software AutoUpdate	Creative Technology Limited	29.12.2011		1.40
Creative Sound Blaster Properties x64 Edition	Creative Technology Limited	29.12.2011		1.02
Dell DataSafe Local Backup	Dell	14.12.2009		9.3.36
Dell DataSafe Local Backup - Support Software	Dell	14.12.2009		2.25
Dell DataSafe Online	Dell, Inc.	28.04.2010	8,33MB	1.2.0011
Dell Dock	Dell	14.12.2009		2.0.0
Dell Getting Started Guide	Dell Inc.	14.12.2009		1.00.0000
Dell Support Center (Support Software)	Dell	14.12.2009		2.5.09100
Dell Wireless WLAN Card Utility	Dell Inc.	14.12.2009		5.30.21.0
DesignPro 5	Avery Dennison	03.06.2010	18,1MB	5.5.708
DirPrintOK		13.01.2011		
Dolby Digital Live Pack	Creative Technology Limited	14.12.2009		3.00
Duden Korrektor PLUS	Bibliographisches Institut GmbH	31.01.2011	821MB	7.00.0000
Duden-Bibliothek	Bibliographisches Institut GmbH	07.07.2011	68,0MB	5.1.0
Elf 1 Toolbar	Elf 1	13.01.2011		6.3.0.26
Google Chrome	Google Inc.	31.01.2011		20.0.1132.47
Google Toolbar for Internet Explorer	Google Inc.	18.03.2012		7.3.2710.138
GPL Ghostscript	Artifex Software Inc.	10.02.2012		9.05
Inkjet Printer/Scanner Extended Survey Program		10.01.2010		
Intel(R) Programm für die Prozessorerkennung	Intel Corporation	24.11.2011	4,64MB	4.40.0000
IrfanView (remove only)	Irfan Skiljan	10.02.2012	1,50MB	4.32
Java(TM) 6 Update 14 (64-bit)	Sun Microsystems, Inc.	14.12.2009	90,6MB	6.0.140
Java(TM) 6 Update 31	Oracle	01.03.2012	95,1MB	6.0.310
klickTel Telefon- und Branchenbuch Frühjahr 2010	telegate MEDIA AG	27.02.2010		1.00.0000
Logitech SetPoint	Logitech	30.03.2010	17,0KB	4.80
LogoMaker 4.0	Avanquest	24.02.2012		
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	09.07.2012	18,0MB	1.61.0.1400
McAfee SecurityCenter	McAfee, Inc.	27.06.2012		11.0.678
Microsoft .NET Framework 1.1	Microsoft	24.03.2010	34,8MB	1.1.4322
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	13.09.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	13.09.2010	2,93MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	13.09.2010	51,9MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	13.09.2010	10,6MB	4.0.30319
Microsoft Access 2002 VBA SFS-Übungsdateien		02.05.2012		
Microsoft Access 2010 Interactive Guide DEU	Microsoft	30.06.2011	5,85MB	1.2.1
Microsoft Expression Design 4	Microsoft Corporation	13.03.2012		7.0.20516.0
Microsoft Expression Encoder 4	Microsoft Corporation	13.09.2010		4.0.1651.0
Microsoft Expression Encoder 4 Screen Capture Codec	Microsoft Corporation	13.09.2010	1,80MB	4.0.1651.0
Microsoft Expression Web 4	Microsoft Corporation	29.07.2011		4.0.1303.0
Microsoft IntelliPoint 8.2	Microsoft Corporation	05.02.2012		8.20.468.0
Microsoft Office 2003 Web Components	Microsoft Corporation	12.04.2012	28,0MB	11.0.8003.0
Microsoft Office Live Add-in 1.5	Microsoft Corporation	26.05.2010	508KB	2.0.4024.1
Microsoft Office Professional 2010	Microsoft Corporation	07.01.2012		14.0.6029.1000
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	14.12.2009		2.0.7024.0
Microsoft Silverlight	Microsoft Corporation	11.05.2012	242MB	4.1.10329.0
Microsoft SQL Server 2005	Microsoft Corporation	14.12.2009		
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	14.12.2009	1,72MB	3.1.0000
Microsoft SQL Server Native Client	Microsoft Corporation	17.03.2011	5,89MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	17.03.2011	1,12MB	9.00.5000.00
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	11.09.2011	625KB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	11.09.2011	1,44MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	27.12.2009	260KB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	27.12.2009	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	300KB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.01.2010	3,84MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	11.05.2011	580KB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	27.12.2009	212KB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	24.03.2010	200KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	07.05.2011	790KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	07.05.2011	598KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	14.12.2009	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	24.03.2010	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	600KB	9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	30.06.2012	37,4MB	13.0.1
Mozilla Maintenance Service	Mozilla	30.06.2012	199KB	13.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	27.12.2009	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	27.12.2009	1,33MB	4.20.9876.0
Multimedia Card Reader	Fitipower	14.12.2009	633KB	1.4.915.1
Nuance PDF Create! 6	Nuance Communications, Inc	24.03.2010	122MB	6.00.6401
NVIDIA Drivers	NVIDIA Corporation	14.12.2009		1.4
NVIDIA PhysX	NVIDIA Corporation	14.12.2009	119MB	9.09.0203
OpenAL		29.12.2011		
Opera 11.51	Opera Software ASA	12.04.2012		11.51.1087
PDF Editor 3		12.08.2010		
PowerDVD DX	CyberLink Corp.	14.12.2009		8.3.5424
Protect Disc License Helper 1.0.125 (IE)	Protect Disc	20.10.2010		1.0.125
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	20.10.2010		11.0.0.14
PSPad editor	Jan Fiala	17.06.2010		
QuickTime	Apple Inc.	27.05.2012	73,2MB	7.72.80.56
Roxio Creator 8.2 XE	Roxio, Inc.	24.03.2010	410MB	8.2.298
Roxio Easy CD and DVD Burning	Roxio	14.12.2009	1,40GB	10.3
SmartTools Publishing • Access Globale Suche	SmartTools Publishing	31.05.2012		v1.50
SmartTools Publishing • Access Security Manager	SmartTools Publishing	26.11.2010		v1.00
SmartTools Publishing • Access Zahl in Worten	SmartTools Publishing	06.04.2012		v2.50
SmartTools Publishing • Excel Jahresplan	SmartTools Publishing	25.03.2010		v2.00
SmartTools Publishing • Word Booklet-Assistent	SmartTools Publishing	20.03.2011		v3.00
SmartTools Publishing • Word Classic Menü 2010, 2007	SmartTools Publishing	24.11.2011		v1.50
SmartTools Publishing • Word Serienmailer	SmartTools Publishing	05.06.2010		v2.02
Sound Blaster X-Fi		10.02.2010		1.0
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	18.09.2010	29,6MB	9.0.0
StarMoney 7.0	Star Finanz GmbH	05.04.2010		7.0
StarMoney 8.0	Star Finanz GmbH	02.02.2012		8.0
Techinfo Doppelte Datensätze		18.04.2010		
TSPCzwei		25.11.2011		
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	17.03.2011	30,5MB	9.00.5000.00
Windows Live Essentials	Microsoft Corporation	11.09.2011		14.0.8117.0416
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	26.05.2010	10,0MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	11.09.2011	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	14.12.2009	224KB	14.0.8014.1029
Windows XP Mode	Microsoft Corporation	24.11.2011	1,13GB	1.3.7600.16422
WinRAR		06.07.2010		
XAMPP 1.7.4		21.02.2011		
Yontoo 1.10.02	Yontoo LLC	10.02.2012	857KB	1.10.02
         
Ich hoffe, ich habe alles richtig gemacht.

Viele Grüße
Harald
__________________

Alt 10.07.2012, 15:46   #4
kira
/// Helfer-Team
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



Systemreinigung und Prüfung:

1.
Deinstalliere unter Systemsteuerung-> Software/Programme :
Code:
ATTFilter
Babylon toolbar 
Bing Bar 
Conduit Engine 
Elf 1 Toolbar
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
2.
Hast Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt?:
Zitat:
O15 - HKCU\..Trusted Domains: dyndns.org ([sanktpetri] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
3.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
ATTFilter
[2012.06.23 15:20:44 | 000,770,048 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi.accdb
[2012.06.21 17:45:27 | 001,581,056 | ---- | M] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:55:52 | 000,897,024 | ---- | M] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:54 | 000,692,224 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 21:31:53 | 000,442,368 | ---- | M] () -- C:\Users\Home2\Documents\Benutzerverwaltung97.accdb
[2012.06.16 19:20:50 | 000,688,128 | ---- | M] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.30 14:38:41 | 000,925,696 | ---- | C] () -- C:\Users\Home2\Documents\Institut.accdb
[2012.06.30 14:36:52 | 002,564,096 | ---- | C] () -- C:\Users\Home2\Documents\Projekte.accdb
[2012.06.30 14:31:15 | 001,642,496 | ---- | C] () -- C:\Users\Home2\Documents\Probleme2.accdb
[2012.06.30 14:10:48 | 001,191,936 | ---- | C] () -- C:\Users\Home2\Documents\Aufgaben3.accdb
[2012.06.30 14:00:49 | 004,403,200 | ---- | C] () -- C:\Users\Home2\Documents\Nordwind2.accdb
[2012.06.25 19:06:31 | 000,001,804 | ---- | C] () -- C:\Users\Home2\Desktop\Adressdatenverwaltung2010.accdb - Verknüpfung.lnk
[2012.06.21 17:44:12 | 001,581,056 | ---- | C] () -- C:\Users\Home2\Documents\Kontakte2.accdb
[2012.06.18 17:50:32 | 000,897,024 | ---- | C] () -- C:\Users\Home2\Documents\Lieferantensuche97-2.accdb
[2012.06.18 16:54:03 | 000,692,224 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi2.accdb
[2012.06.16 19:20:10 | 000,688,128 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi1.accdb
[2012.06.10 12:58:23 | 000,770,048 | ---- | C] () -- C:\Users\Home2\Documents\CreaKombi.accdb
         
4.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
MOD - C:\Users\Home2\AppData\Local\Temp\glom0_og.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D373E36-5D79-49FA-A10D-145F98B0AE6C}
IE:64bit: - HKLM\..\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.10 13:44:26 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=34908e13000000000000904ce5303a63
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell - "" = AutoRun
O33 - MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\Shell\AutoRun\command - "" = I:\pushinst.exe
[2012.07.09 15:52:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 15:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job
[2012.07.09 15:43:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 11:14:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.06 16:22:54 | 000,001,887 | ---- | M] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.06 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job
[2012.07.06 16:22:54 | 000,001,887 | ---- | C] () -- C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\WebProf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Scan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Privat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\css_pur:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\BSZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\belkin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Home2\Documents\01022012:Roxio EMC Stream
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:07C8C7C8

:Files
C:\Users\Home2\AppData\Local\Temp\glom0_og.exe 
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

5.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

6.
Adobe Reader aktualisieren :
- Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

7.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

8.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

9.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

10.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

11.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

12.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

damit ich weiß, welche Änderungen Du vorgenommen hast:
Zitat:
► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
► berichte auch erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 11.07.2012, 10:01   #5
HaraldHH
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



Hallo Kira,
de Punkte habe ich jetzt abgearbeitet.
Das resiltat:
zu 1. die vier Programme habe ich deinstalliert

zu 2. den ersten Eintrag (dyndns.org) benötige ich für Outlook Web Access und ist vertrauenswürdig. Der 2. Eintrag (Range 1) sagt mir nichts.


zu 3. dabei handelt es ausschließlich um Access 2010 Datenbanken.

zu 4. Fixen mit OTL
Das Textdokument:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D373E36-5D79-49FA-A10D-145F98B0AE6C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}\ not found.
File C:\Program Files (x86)\Elf_1\prxtbElf_.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349ADB-FB3D-47C7-B6BA-C5307B322DC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}\ not found.
File C:\Program Files (x86)\Elf_1\prxtbElf_.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=34908e13000000000000904ce5303a63&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Home2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605960f1-f2c9-11de-9c04-002564e9a1b5}\ not found.
File I:\pushinst.exe not found.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2855445283-1414569937-4144548128-1003Core.job moved successfully.
File C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
ADS C:\Users\Home2\Documents\Word-Privat:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\WebProf:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Test-Datenbanken:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Spenderessen2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Seminare_2Halbjahr2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Seminare_20062011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Scan:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Privat:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Petri-Zuwendungsverwaltung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PdfGrabber:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PDF-Favoriten:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\PDF_Dokumente:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Outlook-Dateien:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\OneNote-Notizbücher:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlichSeminare2010_Temporär:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2010_alt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\ÖffentlicheSeminare2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\My Albums:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Meine Websites:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\LogoMaker:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Klub Q:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HmspZusammenstellungaus2010_2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2013:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2012_2HJ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp2012_03112011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HMSP2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp_Sept2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Hmsp_Herbst2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Helferdatei:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_21062011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_12082011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ_11012011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\HD-BSZ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\FlyerSeminar2012:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Entwurf_Jahresbericht:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\EinstiegCSS:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Eigene Datenquellen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\diashow1.mpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\diashow.mpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Desktopablegen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\CSS_Website:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\css_pur:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-WORD:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Statistik:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Logos:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Fahrtkosten:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ-Fachberatung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Website_Bilder:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Veranstaltungen:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_Umstellung2010:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ_EXCEL:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\BSZ:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Bildungsspender:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\belkin:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Ausstellung-Zuhoeren-St-Petri-e-mail.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\AccessBasics:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_VBA:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Trainingsbuch:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Programmierung:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Kulpa:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_DB_entwickeln:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_BHV:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\Access2010_Basis:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Home2\Documents\01022012:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:07C8C7C8 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Home2\AppData\Local\Temp\glom0_og.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Home2\Desktop\cmd.bat deleted successfully.
C:\Users\Home2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: FCB
 
User: Home2
->Temp folder emptied: 2606382124 bytes
->Temporary Internet Files folder emptied: 2980719936 bytes
->Java cache emptied: 12579140 bytes
->FireFox cache emptied: 52225959 bytes
->Google Chrome cache emptied: 18234468 bytes
->Opera cache emptied: 12361869 bytes
->Flash cache emptied: 213858 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 319501025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100719 bytes
RecycleBin emptied: 16826854230 bytes
 
Total Files Cleaned = 21.772,00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07102012_191953

Files\Folders moved on Reboot...
C:\Users\Home2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JET891E.tmp moved successfully.
C:\Windows\temp\~ROMFN_000009DC moved successfully.

PendingFileRenameOperations files...
File C:\Users\Home2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\JET891E.tmp not found!
File C:\Windows\temp\~ROMFN_000009DC not found!

Registry entries deleted on Reboot...
         
5. Java habe ich komplett neu installiert (7 Update 4.

6. Adobe Reader ist auf dem neusten Stand

7. habe ich z.K. genommen

8. CCleaner habe ich ausgeführt.

10. SUPER ANTI SPYWARE
Code:
ATTFilter
UPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/10/2012 at 10:08 PM

Application Version : 5.5.1006

Core Rules Database Version : 8875
Trace Rules Database Version: 6687

Scan type       : Complete Scan
Total Scan Time : 01:03:08

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 716
Memory threats detected   : 0
Registry items scanned    : 74079
Registry threats detected : 0
File items scanned        : 82479
File threats detected     : 616

Adware.Tracking Cookie
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@acronis.122.2o7[1].txt [ /acronis.122.2o7 ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@ads.medienhaus[1].txt [ /ads.medienhaus ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@ads.sun[1].txt [ /ads.sun ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@adserver.handball-welt[2].txt [ /adserver.handball-welt ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@adultfriendfinder[1].txt [ /adultfriendfinder ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@advertising[1].txt [ /advertising ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@lxtraffic[2].txt [ /lxtraffic ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@statse.webtrendslive[1].txt [ /statse.webtrendslive ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@tracking.mindshare[1].txt [ /tracking.mindshare ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@www.etracker[1].txt [ /www.etracker ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\5VQ5SM3M.txt [ /smartadserver.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\K1I2GVAM.txt [ /doubleclick.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\3JG4TO50.txt [ /c.atdmt.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\O94OVK0U.txt [ /revsci.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[2].txt [ /de.sitestat.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\ZAPBYP92.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\EL0RVHKX.txt [ /ad.adnet.de ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[3].txt [ /de.sitestat.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\HEM6URWT.txt [ /adform.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\8DJ7IIL2.txt [ /microsoftwllivemkt.112.2o7.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\XBCVC701.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\home2@de.sitestat[1].txt [ /de.sitestat.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\01A0PKNE.txt [ /specificclick.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\A29QPZ03.txt [ /webmasterplan.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\X3Q1YXBO.txt [ /ad.ad-srv.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\XBQPL934.txt [ /ad.zanox.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\FP383K2R.txt [ /eas.apm.emediate.eu ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\A43WX29G.txt [ /atdmt.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\QF8N2N6V.txt [ /www.zanox-affiliate.de ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\SGEHC50S.txt [ /traffictrack.de ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\M75CC8KA.txt [ /im.banner.t-online.de ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\4U638UJJ.txt [ /adfarm1.adition.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\D3RK9JL4.txt [ /perf.overture.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\E2QCV5C3.txt [ /track.adform.net ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\SUUN43TT.txt [ /de.sitestat.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\9PUCYC1X.txt [ /xiti.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\B1ZH271B.txt [ /tradedoubler.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\IDI5T9D6.txt [ /de.sitestat.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\68N8B7U7.txt [ /apmebf.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\MS3USIWE.txt [ /ads.creative-serving.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\L3TSK0VG.txt [ /zanox-affiliate.de ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\NDC03ODR.txt [ /invitemedia.com ]
	C:\Users\Home2\AppData\Roaming\Microsoft\Windows\Cookies\BTG765J7.txt [ /adviva.net ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Y0SM0BZF.txt [ Cookie:home2@ich.adscale.de/adserver-ich/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZH52JN99.txt [ Cookie:home2@smartadserver.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@rocketpenis[2].txt [ Cookie:home2@rocketpenis.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.hitslink[1].txt [ Cookie:home2@counter.hitslink.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y6F4NGQN.txt [ Cookie:home2@adbrite.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQG63FDU.txt [ Cookie:home2@zanox.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4D2WP8C6.txt [ Cookie:home2@questionmarket.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@frontlinegmbh.122.2o7[1].txt [ Cookie:home2@frontlinegmbh.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mediafire[1].txt [ Cookie:home2@mediafire.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZW18KCS.txt [ Cookie:home2@menofporn.typepad.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ0DBPFS.txt [ Cookie:home2@track.effiliation.com/servlet/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wikiporno[1].txt [ Cookie:home2@wikiporno.org/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\H88M2ANO.txt [ Cookie:home2@a.clickclicknetwork.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9A5B7SQF.txt [ Cookie:home2@adultdvdtalk.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\78WQ0MHW.txt [ Cookie:home2@partypoker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[1].txt [ Cookie:home2@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bluestreak[1].txt [ Cookie:home2@bluestreak.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\INCUY9AL.txt [ Cookie:home2@www.machfucker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\N97I6CJE.txt [ Cookie:home2@bareback-porn-blog.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\48VND876.txt [ Cookie:home2@euros4click.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDNJJ7NU.txt [ Cookie:home2@pro-market.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\12E66MKI.txt [ Cookie:home2@teufel-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E0TTHV9Y.txt [ Cookie:home2@specificclick.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[4].txt [ Cookie:home2@de.sitestat.com/idgcom-de/pcwelt/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5F0G9ZP.txt [ Cookie:home2@ad.yieldmanager.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1ZM53RX2.txt [ Cookie:home2@counter.sexsuche.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@youporngay.videoboxmen[2].txt [ Cookie:home2@youporngay.videoboxmen.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@warezfactor[1].txt [ Cookie:home2@warezfactor.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:home2@microsoftinternetexplorer.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9PSVTNE.txt [ Cookie:home2@eas.apm.emediate.eu/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AA1N65H7.txt [ Cookie:home2@hornygreek.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@in.getclicky[1].txt [ Cookie:home2@in.getclicky.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RIIKW6CF.txt [ Cookie:home2@clickandbuy.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCVBX0Y5.txt [ Cookie:home2@www.access-paradies.de/counter/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[3].txt [ Cookie:home2@de.sitestat.com/sport1/dsf-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PHGO3HA.txt [ Cookie:home2@www.buttfuckingbunch.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8ES7DMLI.txt [ Cookie:home2@track.effiliation.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.8teenboysex[1].txt [ Cookie:home2@www.8teenboysex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UILNF13.txt [ Cookie:home2@ww251.smartadserver.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J12D7QPP.txt [ Cookie:home2@atdmt.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIKHV93O.txt [ Cookie:home2@www.zanox-affiliate.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZIIB338.txt [ Cookie:home2@track.yellostrom.de/792742425687471,219869629063635/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx.falconstudios[3].txt [ Cookie:home2@xxx.falconstudios.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8GWD127.txt [ Cookie:home2@im.banner.t-online.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MYO4OQFY.txt [ Cookie:home2@traffictrack.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4TX5UR7.txt [ Cookie:home2@manfuckman.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZNZS85W.txt [ Cookie:home2@de.partypoker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\14L9P0SO.txt [ Cookie:home2@www7.addfreestats.com/cgi-bin ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5R85WCN.txt [ Cookie:home2@ads.neudesicmediagroup.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adsrv.admediate[2].txt [ Cookie:home2@adsrv.admediate.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJIS8MA.txt [ Cookie:home2@tracking.hermesworld.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TDA8Z5C.txt [ Cookie:home2@rts.pgmediaserve.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DQS5WQC3.txt [ Cookie:home2@gotgayporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NL81YMBA.txt [ Cookie:home2@tracking.mindshare.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCX9LQOH.txt [ Cookie:home2@advertising.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GM81646M.txt [ Cookie:home2@zedo.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xiti[1].txt [ Cookie:home2@xiti.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZVLEJ069.txt [ Cookie:home2@tradedoubler.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayvod.pornotube[1].txt [ Cookie:home2@gayvod.pornotube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7FDWD1A.txt [ Cookie:home2@ad.adserver01.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\85DJQ14P.txt [ Cookie:home2@apmebf.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWOND4J6.txt [ Cookie:home2@www.queerclick.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TAK34PJF.txt [ Cookie:home2@machfucker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5IYAUVVS.txt [ Cookie:home2@youporngay.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\X6GRCHAE.txt [ Cookie:home2@treasureislandmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D31K5H4S.txt [ Cookie:home2@www.gaymoviedome.com/gaysex/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ3WKBQP.txt [ Cookie:home2@www.etracker.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9UPBLCA.txt [ Cookie:home2@c1.atdmt.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx.falconstudios[1].txt [ Cookie:home2@xxx.falconstudios.com/index.cfm/fuseaction/product.detail/_/Marco-Bill/productID/e6648f58-a975-45c1-a44a-8ee22eac964c/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBZF0I59.txt [ Cookie:home2@zanox-affiliate.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZCKW7BYE.txt [ Cookie:home2@tracking.quisma.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YSEDWHU.txt [ Cookie:home2@statse.webtrendslive.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RREWNEXO.txt [ Cookie:home2@doubleclick.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\APQ92UAF.txt [ Cookie:home2@server.lon.liveperson.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LBD6TPXW.txt [ Cookie:home2@www.pornstaremart.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\40MDPSZQ.txt [ Cookie:home2@maniamediallc.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEUOFF1S.txt [ Cookie:home2@ads.crakmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8OM0IPJE.txt [ Cookie:home2@www.burstnet.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7WP7DJPP.txt [ Cookie:home2@revsci.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D3568NY8.txt [ Cookie:home2@dirtyfuckers.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4Z9LW5V0.txt [ Cookie:home2@ad.adnet.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@my.brandwire[1].txt [ Cookie:home2@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7UU9MQMI.txt [ Cookie:home2@adsys.airbus.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CBY5IWFK.txt [ Cookie:home2@deutschepostag.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IGHFV9ZJ.txt [ Cookie:home2@porn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@msexchangefaq[1].txt [ Cookie:home2@msexchangefaq.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCOGU60Z.txt [ Cookie:home2@counter2.sexmoney.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WY79FYHS.txt [ Cookie:home2@ero-advertising.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\60QTD8WC.txt [ Cookie:home2@gayfuckporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT2FC1JF.txt [ Cookie:home2@kontera.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ASLXPEMP.txt [ Cookie:home2@google.com/adsense/support/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wkdporn[2].txt [ Cookie:home2@wkdporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q90PYFQ6.txt [ Cookie:home2@insightexpressai.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornforpatric[1].txt [ Cookie:home2@pornforpatric.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[6].txt [ Cookie:home2@de.sitestat.com/sport1/tvdsf-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FJ3GGWLJ.txt [ Cookie:home2@microsoftsto.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTUWMRGO.txt [ Cookie:home2@uk.at.atwola.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YAOVXKYB.txt [ Cookie:home2@hotbarebacking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PVP78MS.txt [ Cookie:home2@sexsohbet.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5IPLW48.txt [ Cookie:home2@casalemedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AE8WC8Y9.txt [ Cookie:home2@ar.atwola.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TTVIT0FY.txt [ Cookie:home2@www.active-tracking.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@fr.youporngay[2].txt [ Cookie:home2@fr.youporngay.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8EHC0YK.txt [ Cookie:home2@stats.crsend.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@e-2dj6wjk4wpczclo.stats.esomniture[2].txt [ Cookie:home2@e-2dj6wjk4wpczclo.stats.esomniture.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWA057BH.txt [ Cookie:home2@collective-media.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornblog[1].txt [ Cookie:home2@gaypornblog.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[5].txt [ Cookie:home2@de.sitestat.com/bitburger/bitburger/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QMCYA6LG.txt [ Cookie:home2@track.adform.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftmachinetranslation.112.2o7[1].txt [ Cookie:home2@microsoftmachinetranslation.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay.adultrental[1].txt [ Cookie:home2@gay.adultrental.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OH536RV.txt [ Cookie:home2@yieldmanager.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSLP0B94.txt [ Cookie:home2@pornstaremart.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQQFH3C8.txt [ Cookie:home2@livefucking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L70WY3SP.txt [ Cookie:home2@liveperson.net/hc/599832 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pumphousemedia[2].txt [ Cookie:home2@pumphousemedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@2.bfugmedia[2].txt [ Cookie:home2@2.bfugmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ad.adnet[3].txt [ Cookie:home2@ad.adnet.biz/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHCLNGAO.txt [ Cookie:home2@nakedsword.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@subscriber.netmediaeurope[1].txt [ Cookie:home2@subscriber.netmediaeurope.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@topteenboys[2].txt [ Cookie:home2@topteenboys.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@haporn[1].txt [ Cookie:home2@haporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaypassfinder[1].txt [ Cookie:home2@freegaypassfinder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@qnsr[1].txt [ Cookie:home2@qnsr.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@movies.smartssex[2].txt [ Cookie:home2@movies.smartssex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@eas8.emediate[2].txt [ Cookie:home2@eas8.emediate.eu/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XNLL635.txt [ Cookie:home2@counter15.sextracker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gayteenboylinks[2].txt [ Cookie:home2@www.gayteenboylinks.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[7].txt [ Cookie:home2@de.sitestat.com/idgcom-de/tecchannel/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\56TOKOWV.txt [ Cookie:home2@trafficholder.com/cgi-bin/traffic/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay.pornbb[2].txt [ Cookie:home2@gay.pornbb.org/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@jmedia16.justusboys[2].txt [ Cookie:home2@jmedia16.justusboys.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2LROX7XI.txt [ Cookie:home2@adserver.sevenload.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.klicktel[1].txt [ Cookie:home2@tracking.klicktel.de/dcss6p7z710000st9t9gc2lxn_3c5g ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SFMHRS51.txt [ Cookie:home2@stat.dealtime.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XXV8T8QO.txt [ Cookie:home2@www.treasureislandmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\P99B2UHG.txt [ Cookie:home2@tradetracker.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexkey[2].txt [ Cookie:home2@www.sexkey.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UCEJULR.txt [ Cookie:home2@photosex.biz/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3GJSDTC.txt [ Cookie:home2@ad2.adfarm1.adition.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5S7WE2K2.txt [ Cookie:home2@gay.pornstarfuck.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxxamaturxxx[1].txt [ Cookie:home2@xxxamaturxxx.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MA5ZNEA9.txt [ Cookie:home2@www.hotbarebacking.com/tour/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaysextv[2].txt [ Cookie:home2@gaysextv.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O8H1UHB.txt [ Cookie:home2@adition.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3J1ZKPI.txt [ Cookie:home2@adx.chip.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[11].txt [ Cookie:home2@de.sitestat.com/karstadt-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornofilm-suche[1].txt [ Cookie:home2@pornofilm-suche.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@aboutgaypornblog[2].txt [ Cookie:home2@aboutgaypornblog.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IINFO9SK.txt [ Cookie:home2@unitymedia.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMV6FICV.txt [ Cookie:home2@ad.dyntracker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@averydennison.112.2o7[1].txt [ Cookie:home2@averydennison.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@nymmedia[1].txt [ Cookie:home2@nymmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@vodafonegroup.122.2o7[1].txt [ Cookie:home2@vodafonegroup.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7XD40EE.txt [ Cookie:home2@liveperson.net/hc/9954793 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@servedby.adxpower[1].txt [ Cookie:home2@servedby.adxpower.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNNGHERJ.txt [ Cookie:home2@makinggayporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mofosex[2].txt [ Cookie:home2@mofosex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.pornoxo[2].txt [ Cookie:home2@www.pornoxo.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[1].txt [ Cookie:home2@track.webtrekk.de/471497967328727/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[4].txt [ Cookie:home2@liveperson.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@hunkporntube[1].txt [ Cookie:home2@hunkporntube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D88SRIM9.txt [ Cookie:home2@advertising.justusboys.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8SWCIJ0.txt [ Cookie:home2@pornoxo.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKKJURWH.txt [ Cookie:home2@chatsex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z322PJV0.txt [ Cookie:home2@vod.pornstardatabase.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOPOGTAL.txt [ Cookie:home2@eyewonder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQVH76UL.txt [ Cookie:home2@maleflixxx.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@acronis.122.2o7[1].txt [ Cookie:home2@acronis.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CUM6BL0.txt [ Cookie:home2@adxpansion.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@allporntube[2].txt [ Cookie:home2@allporntube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@efeducationfirst.112.2o7[1].txt [ Cookie:home2@efeducationfirst.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVP3KPHY.txt [ Cookie:home2@livestat.derstandard.at/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@friendfinder[2].txt [ Cookie:home2@friendfinder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@xxx-xxx-xxx[2].txt [ Cookie:home2@xxx-xxx-xxx.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9QYP7NR.txt [ Cookie:home2@sexad.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQ04IMU7.txt [ Cookie:home2@maleflixxx.tv/pc/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6LN1CO10.txt [ Cookie:home2@queerpornnation.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexymalecelebrities[1].txt [ Cookie:home2@sexymalecelebrities.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVUCK79K.txt [ Cookie:home2@banners.xxxgaymatch.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@join.dirtyfuckers[1].txt [ Cookie:home2@join.dirtyfuckers.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNF71HN3.txt [ Cookie:home2@payment.dhdmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HQR20XOZ.txt [ Cookie:home2@beiersdorf.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@estat[2].txt [ Cookie:home2@estat.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[2].txt [ Cookie:home2@track.webtrekk.de/907304619607711/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@microsoftconsumermarketing.112.2o7[1].txt [ Cookie:home2@microsoftconsumermarketing.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@youporn[1].txt [ Cookie:home2@youporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZD8PGWF.txt [ Cookie:home2@clicksor.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.xxx-xxx-xxx[2].txt [ Cookie:home2@www.xxx-xxx-xxx.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JOK2EXQF.txt [ Cookie:home2@www.intporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O9QKISIA.txt [ Cookie:home2@intporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.aboutgaypornblog[1].txt [ Cookie:home2@www.aboutgaypornblog.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2YDGETG.txt [ Cookie:home2@count.asnetworks.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJP3JNNG.txt [ Cookie:home2@go.dynamic-tracking.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\256W9EPO.txt [ Cookie:home2@advertstream.com/a ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.freegaysex[2].txt [ Cookie:home2@www.freegaysex.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexkey[2].txt [ Cookie:home2@sexkey.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF4TO7QL.txt [ Cookie:home2@interclick.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FRMB9BA.txt [ Cookie:home2@de.sitestat.com/idgcom-de/macwelt/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ads.zeusclicks[2].txt [ Cookie:home2@ads.zeusclicks.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\76VWCIL7.txt [ Cookie:home2@triptosex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaysexyboy[1].txt [ Cookie:home2@gaysexyboy.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stepstone.112.2o7[1].txt [ Cookie:home2@stepstone.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAH2YOAG.txt [ Cookie:home2@de.sitestat.com/sueddeutscher/it-fachportal-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@server.cpmstar[2].txt [ Cookie:home2@server.cpmstar.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZEYCRRG.txt [ Cookie:home2@eu.clickandbuy.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@usenext.122.2o7[1].txt [ Cookie:home2@usenext.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.traffictrack[1].txt [ Cookie:home2@adserver.traffictrack.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@trafficmp[1].txt [ Cookie:home2@trafficmp.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BYNFO20J.txt [ Cookie:home2@www.chatsex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0V89661I.txt [ Cookie:home2@buttfuckingbunch.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\C916GM8Z.txt [ Cookie:home2@snapfish.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.webtrekk[4].txt [ Cookie:home2@track.webtrekk.de/152153056700370/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHZ2XZWH.txt [ Cookie:home2@gay.porn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJ2LIZ61.txt [ Cookie:home2@join.makinggayporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@casual-sex-ads[1].txt [ Cookie:home2@casual-sex-ads.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2FIHV3OF.txt [ Cookie:home2@ad1.adfarm1.adition.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWEY60W1.txt [ Cookie:home2@homosexualtube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@anakedguy[2].txt [ Cookie:home2@anakedguy.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@teenboyreview[2].txt [ Cookie:home2@teenboyreview.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GVJBCO2W.txt [ Cookie:home2@www.redtube.com/gay/pornstar/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\93XQUMOU.txt [ Cookie:home2@stat.vattenfall.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@85.25.120[1].txt [ Cookie:home2@85.25.120.181/stats/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FBBNXZK8.txt [ Cookie:home2@urban-fuckers.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.sitestat[9].txt [ Cookie:home2@de.sitestat.com/berlitz/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJHA69RD.txt [ Cookie:home2@gaysexblog.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\H2YLTWHR.txt [ Cookie:home2@ad4.adfarm1.adition.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OIJSF36.txt [ Cookie:home2@de.sitestat.com/idgcom-de/projekt3/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU55EZ2Y.txt [ Cookie:home2@eas4.emediate.eu/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\03Q0XUA4.txt [ Cookie:home2@pt.trafficjunky.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornengine[2].txt [ Cookie:home2@gaypornengine.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RL4467T6.txt [ Cookie:home2@overture.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bareassnaked[1].txt [ Cookie:home2@bareassnaked.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay-porn-here[1].txt [ Cookie:home2@gay-porn-here.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BDIWQR65.txt [ Cookie:home2@epochstats.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\HJ0N6ZST.txt [ Cookie:home2@terrashop.traffective-tracking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMUQ3WED.txt [ Cookie:home2@vod.nakedsword.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaysex[3].txt [ Cookie:home2@freegaysex.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@mikespornreview[1].txt [ Cookie:home2@mikespornreview.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\37SC53Z1.txt [ Cookie:home2@gaypornzone.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CABUDVY2.txt [ Cookie:home2@de.sitestat.com/otto-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@track.funpic[2].txt [ Cookie:home2@track.funpic.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@samsungfunclub.122.2o7[1].txt [ Cookie:home2@samsungfunclub.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QSK75459.txt [ Cookie:home2@ru4.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RAC7IE2Q.txt [ Cookie:home2@legolas-media.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@terra.112.2o7[1].txt [ Cookie:home2@terra.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@clickshift[1].txt [ Cookie:home2@clickshift.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8ZZN7PT.txt [ Cookie:home2@gayfriendfinder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@twinksexpics[1].txt [ Cookie:home2@twinksexpics.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\08H9OXUX.txt [ Cookie:home2@tracking.klicktel.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPDVCSXI.txt [ Cookie:home2@www.redtube.com/pornstar/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexkontakt[2].txt [ Cookie:home2@sexkontakt.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@usenext[1].txt [ Cookie:home2@usenext.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\89TE0W32.txt [ Cookie:home2@www.4sex4.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y8G705VY.txt [ Cookie:home2@view.advert-layer.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VG6B6UH.txt [ Cookie:home2@point2click.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NZFKK994.txt [ Cookie:home2@gaypornshare.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\379OD0VK.txt [ Cookie:home2@www.statsq.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@cmpmedica.112.2o7[1].txt [ Cookie:home2@cmpmedica.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@de.at.atwola[1].txt [ Cookie:home2@de.at.atwola.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\29GUMXW4.txt [ Cookie:home2@naiadsystems.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@findgaytube[2].txt [ Cookie:home2@findgaytube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ice.112.2o7[1].txt [ Cookie:home2@ice.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QS7EYV4H.txt [ Cookie:home2@www.pornhub.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\127SVLJC.txt [ Cookie:home2@www.rawfuckclub.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8VNQ9EO.txt [ Cookie:home2@partners.webmasterplan.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.totaltrafficsystem[1].txt [ Cookie:home2@www.totaltrafficsystem.com/feeder/gay/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVQIB9XI.txt [ Cookie:home2@test.coremetrics.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GJ9SUO9.txt [ Cookie:home2@21sextury.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@hansenet.122.2o7[1].txt [ Cookie:home2@hansenet.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSDZZ05A.txt [ Cookie:home2@realmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@join.adultdigitalservices[1].txt [ Cookie:home2@join.adultdigitalservices.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dealtime[1].txt [ Cookie:home2@dealtime.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@fuckcams[2].txt [ Cookie:home2@fuckcams.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornomaniak[2].txt [ Cookie:home2@gaypornomaniak.biz/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FB2ODBA.txt [ Cookie:home2@www.loadxxx.co.uk/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexvideos[1].txt [ Cookie:home2@sexvideos.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayfuckbookdatinglive[2].txt [ Cookie:home2@gayfuckbookdatinglive.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaymobile[3].txt [ Cookie:home2@freegaymobile.com/free-gay-mobile-porn/150981/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VW4BTUT.txt [ Cookie:home2@pornoeye.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1I79EKJX.txt [ Cookie:home2@yahoogroups.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayforever.sexbiro[1].txt [ Cookie:home2@gayforever.sexbiro.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JBD802E4.txt [ Cookie:home2@ads2.zeusclicks.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stat.vattenfall[1].txt [ Cookie:home2@stat.vattenfall.com/dcsgc06jk00000sxgh4j27570_7l3s/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.adtechus[1].txt [ Cookie:home2@adserver.adtechus.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornxplorer[2].txt [ Cookie:home2@pornxplorer.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZ10IUSH.txt [ Cookie:home2@pornerbros.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EBEBYBST.txt [ Cookie:home2@naked.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@auslieferung.commindo-media-ressourcen[1].txt [ Cookie:home2@auslieferung.commindo-media-ressourcen.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\21GZFIDG.txt [ Cookie:home2@pornhub.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.abmahnung-pornofilm[2].txt [ Cookie:home2@www.abmahnung-pornofilm.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5P31UOK.txt [ Cookie:home2@indigio.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\KD38D8UQ.txt [ Cookie:home2@www.livefucking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gaypissporn[1].txt [ Cookie:home2@www.gaypissporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freesexnet[1].txt [ Cookie:home2@freesexnet.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaypornovod[1].txt [ Cookie:home2@gaypornovod.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\X5CZ8W7X.txt [ Cookie:home2@adnetxchange.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ppv.hornyboy[2].txt [ Cookie:home2@ppv.hornyboy.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dstraffic[1].txt [ Cookie:home2@dstraffic.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IMMT4FL.txt [ Cookie:home2@markussexblog.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.ilsemedia[2].txt [ Cookie:home2@stats.ilsemedia.nl/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0MFS4DC.txt [ Cookie:home2@www.89teen.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adsrv1.admediate[1].txt [ Cookie:home2@adsrv1.admediate.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adservercentral[1].txt [ Cookie:home2@adservercentral.info/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.n3po[2].txt [ Cookie:home2@stats.n3po.com/p/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JKGYQG1Y.txt [ Cookie:home2@ads.pornerbros.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JYRL02K4.txt [ Cookie:home2@butlers.traffective-tracking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bestexclusiveporn[1].txt [ Cookie:home2@bestexclusiveporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.barong-traffic[2].txt [ Cookie:home2@www.barong-traffic.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\69OTLF4U.txt [ Cookie:home2@generaltracking.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8XQBBQ6.txt [ Cookie:home2@www.porntube.info/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[6].txt [ Cookie:home2@liveperson.net/hc/25891714 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RGVLLJZ7.txt [ Cookie:home2@de.sitestat.com/pm/muenchen-de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L17ZNNK1.txt [ Cookie:home2@adserv.chirurgie-portal.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@uk.sitestat[1].txt [ Cookie:home2@uk.sitestat.com/newcastle/ncl/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D8RZG1P2.txt [ Cookie:home2@autoscout24.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O87K2GOZ.txt [ Cookie:home2@gaypornofilme.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DYN05PX1.txt [ Cookie:home2@de.sitestat.com/ndr/tagesschau/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JGC268Z7.txt [ Cookie:home2@counter13.sextracker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornmonster[1].txt [ Cookie:home2@pornmonster.info/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@static.freewebs.getclicky[1].txt [ Cookie:home2@static.freewebs.getclicky.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CA27TC3F.txt [ Cookie:home2@de.sitestat.com/ndr/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAXS0SSW.txt [ Cookie:home2@de.sitestat.com/laola1/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YN52S67A.txt [ Cookie:home2@filmscanner.info/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJ95OBB9.txt [ Cookie:home2@www.adultdvdtalk.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@wissende.122.2o7[1].txt [ Cookie:home2@wissende.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\633FHUF7.txt [ Cookie:home2@oporn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XH36C2OJ.txt [ Cookie:home2@mediabrandsww.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexlist.gays-im[1].txt [ Cookie:home2@sexlist.gays-im.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.tommydxxx[2].txt [ Cookie:home2@www.tommydxxx.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver.exgfnetwork[1].txt [ Cookie:home2@adserver.exgfnetwork.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.surfcounters[1].txt [ Cookie:home2@counter.surfcounters.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@counter.live4members[1].txt [ Cookie:home2@counter.live4members.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@shop.gay-sexshop[1].txt [ Cookie:home2@shop.gay-sexshop.eu/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adultdvdmarketplace[1].txt [ Cookie:home2@adultdvdmarketplace.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayfuck[2].txt [ Cookie:home2@gayfuck.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLKXPE28.txt [ Cookie:home2@germanwings.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DID8KP3.txt [ Cookie:home2@wmedia.rotator.hadj7.adjuggler.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D01FX7JP.txt [ Cookie:home2@ads2.247activemedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\T01AE0X5.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1060927923/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DY22TWP7.txt [ Cookie:home2@pornme.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HYB3O97.txt [ Cookie:home2@www.alsgaypornstars.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ua-teens[3].txt [ Cookie:home2@ua-teens.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@edge.ru4[1].txt [ Cookie:home2@edge.ru4.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.ejoni[2].txt [ Cookie:home2@tracking.ejoni.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@komtrack[3].txt [ Cookie:home2@komtrack.com/tr ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPCLJQZU.txt [ Cookie:home2@adform.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLDWOT7G.txt [ Cookie:home2@www.porno-boys.com.au.ms/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@revenue[2].txt [ Cookie:home2@revenue.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@freegaymobile[2].txt [ Cookie:home2@freegaymobile.com/free-gay-mobile-porn/152530/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@ua-teens[1].txt [ Cookie:home2@ua-teens.com/forum/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IF4BV4CL.txt [ Cookie:home2@a.trackfox2.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1BWP2KA7.txt [ Cookie:home2@aidsfinder.org/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQDK2RQ4.txt [ Cookie:home2@studivz.adfarm1.adition.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\56FJ52KB.txt [ Cookie:home2@www.sexpartnerclub.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@thums.hornysilver[2].txt [ Cookie:home2@thums.hornysilver.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAMKGJ4F.txt [ Cookie:home2@de.sitestat.com/idgcom-de/computerwoche/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.adultdvdmarketplace[2].txt [ Cookie:home2@www.adultdvdmarketplace.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1GT1ULFG.txt [ Cookie:home2@olympiaverlag.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@juicyadult[2].txt [ Cookie:home2@juicyadult.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPBP2PVH.txt [ Cookie:home2@xxx-boys.com.au.ms/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@nakedmen69[1].txt [ Cookie:home2@nakedmen69.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gaylordfucker[2].txt [ Cookie:home2@gaylordfucker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BZ117YFO.txt [ Cookie:home2@ww.ukadultproducers.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6N8MUM9.txt [ Cookie:home2@cheaptickets.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIOYLMI2.txt [ Cookie:home2@pornodvdtube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@stats.freak-search[1].txt [ Cookie:home2@stats.freak-search.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserver2.clipkit[2].txt [ Cookie:home2@adserver2.clipkit.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.gay-watch-pornostars.com.au[3].txt [ Cookie:home2@www.gay-watch-pornostars.com.au.ms/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DWXCDUGF.txt [ Cookie:home2@www.pornteam.com/catalog ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gay-watch-pornostrs.com.au[1].txt [ Cookie:home2@gay-watch-pornostrs.com.au.ms/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A2JLDPE3.txt [ Cookie:home2@www.counter-gratis.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQQODGFD.txt [ Cookie:home2@banner.webtar.hu/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bt.ilsemedia[2].txt [ Cookie:home2@bt.ilsemedia.nl/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7LKIRX2N.txt [ Cookie:home2@uncut.adulttextstories.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JV690V3J.txt [ Cookie:home2@pornotube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DFTBBH45.txt [ Cookie:home2@gayfinder.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.google[2].txt [ Cookie:home2@www.google.com/accounts ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGQZJV4W.txt [ Cookie:home2@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3WPDVDTZ.txt [ Cookie:home2@lfstmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@countomat[1].txt [ Cookie:home2@countomat.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexynaked[2].txt [ Cookie:home2@www.sexynaked.org/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D31KIL66.txt [ Cookie:home2@www.iggymedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U6D5T1UB.txt [ Cookie:home2@ads.ventivmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRMNPCMD.txt [ Cookie:home2@www.gayfinder.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@komtrack[1].txt [ Cookie:home2@komtrack.com/tr/104440 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornpup.blogspot[2].txt [ Cookie:home2@pornpup.blogspot.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@naked-gay-men-stripping.pornlivenews[1].txt [ Cookie:home2@naked-gay-men-stripping.pornlivenews.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CFTN32X1.txt [ Cookie:home2@adsonar.com/adserving ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MKKN9TG5.txt [ Cookie:home2@de.sitestat.com/laola1/hsv-tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@pornleaks[1].txt [ Cookie:home2@pornleaks.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGTDKA9Y.txt [ Cookie:home2@gayadultblog.com/blog/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4XOC1612.txt [ Cookie:home2@gay.schwulen-sex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WP1FP904.txt [ Cookie:home2@xxx.gaynet.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@clicks.pangora[1].txt [ Cookie:home2@clicks.pangora.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBLU0JD5.txt [ Cookie:home2@pornotubecams.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GHI5GIE.txt [ Cookie:home2@de.sitestat.com/sueddeutscher/stuttgarter-zeitung/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@gayporn[1].txt [ Cookie:home2@gayporn.tv/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E83XZEMH.txt [ Cookie:home2@pornografish.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.begaysex[1].txt [ Cookie:home2@www.begaysex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CAXC0X3M.txt [ Cookie:home2@de.sitestat.com/ndr/ts/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E1US9SSN.txt [ Cookie:home2@alsgaypornstars.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@baresexymoms[1].txt [ Cookie:home2@baresexymoms.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@bshg.122.2o7[1].txt [ Cookie:home2@bshg.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2HBID51.txt [ Cookie:home2@banners.bookofsex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YSOMU1KE.txt [ Cookie:home2@hotdawgsgaysex.bestmalediaries.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELEQNLHR.txt [ Cookie:home2@track.gridlockparadise.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8KIU39W0.txt [ Cookie:home2@urbia.wwe-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\U2MTDD79.txt [ Cookie:home2@aok.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9HTHOXRT.txt [ Cookie:home2@findfreegaymovies.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\WL09M0ZY.txt [ Cookie:home2@server.adform.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3KR7PI2.txt [ Cookie:home2@sexpartnerclub.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YCZWNLI.txt [ Cookie:home2@sexhoundlinks.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MV1V9VWA.txt [ Cookie:home2@lpa.trackfox2.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5ARJJO3.txt [ Cookie:home2@usatoday1.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\APYHHOTE.txt [ Cookie:home2@adserver2.exgfnetwork.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@www.sexinyourcity[1].txt [ Cookie:home2@www.sexinyourcity.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LP3RVMFO.txt [ Cookie:home2@phoenixxx.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB5653SK.txt [ Cookie:home2@sextubespot.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PLR3H0PH.txt [ Cookie:home2@cofidis2.solution.weborama.fr/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YW1USGHL.txt [ Cookie:home2@track.senzapudore.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L330TK2I.txt [ Cookie:home2@histats.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dmtracker[1].txt [ Cookie:home2@dmtracker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FT909SEQ.txt [ Cookie:home2@content.yieldmanager.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5HML2V5J.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1072716437/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LA3N9JWL.txt [ Cookie:home2@anrtx.tacoda.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G0DCKNO.txt [ Cookie:home2@h.atdmt.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GN34DZ5.txt [ Cookie:home2@amazon-adsystem.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MET80BS5.txt [ Cookie:home2@quartermedia.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@liveperson[2].txt [ Cookie:home2@liveperson.net/hc/84267026 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BE4D65J4.txt [ Cookie:home2@openx.jeetyetmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV2OOU2D.txt [ Cookie:home2@gaysexsite.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ATGOL1T8.txt [ Cookie:home2@dkk.traffective-tracking.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1FVAI5L2.txt [ Cookie:home2@ads.audience2media.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XY0SNLO6.txt [ Cookie:home2@mediaplex.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@sexinyourcity[2].txt [ Cookie:home2@sexinyourcity.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XEFJNIG5.txt [ Cookie:home2@www.porn.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@dafuckbook[1].txt [ Cookie:home2@dafuckbook.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@CASZ46JR.txt [ Cookie:home2@de.sitestat.com/sport1/softclick/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\UY32CSGC.txt [ Cookie:home2@de.sitestat.com/ing-diba/de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\6OXVPNFH.txt [ Cookie:home2@www.plehn-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@tracking.publicidees[2].txt [ Cookie:home2@tracking.publicidees.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3T8PM60O.txt [ Cookie:home2@liveperson.net/hc/85950269 ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOZ7QX9R.txt [ Cookie:home2@w3counter.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLPR21JJ.txt [ Cookie:home2@go.evolutionmedia.bbelements.com/please/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFI7CO2S.txt [ Cookie:home2@musicmakersexpo.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VJ4BMRI.txt [ Cookie:home2@xxxprivates.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LE7JOZRY.txt [ Cookie:home2@nextag.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4TLDX97O.txt [ Cookie:home2@www.trafficrank.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\07D3O7I1.txt [ Cookie:home2@jeetyetmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKYTO6LW.txt [ Cookie:home2@trackalyzer.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FEO3A497.txt [ Cookie:home2@freesex.com-q.me/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\DN12UBDU.txt [ Cookie:home2@superpornorama.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\home2@adserv.kwick[2].txt [ Cookie:home2@adserv.kwick.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQK2VR0K.txt [ Cookie:home2@sexyell.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Z2IM00X.txt [ Cookie:home2@skydeutschland.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD60VZ9R.txt [ Cookie:home2@clicks.thespecialsearch.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\8CP0YN92.txt [ Cookie:home2@stat.fu-berlin.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7EFLL2FD.txt [ Cookie:home2@epicporntube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PDTEL22Y.txt [ Cookie:home2@de.sitestat.com/is24-community/is24-community/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\3VN90QUN.txt [ Cookie:home2@4sex4.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SI3F0OGG.txt [ Cookie:home2@www.twifansadnet.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0PQAL71F.txt [ Cookie:home2@moviepilot.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5EW1T5J.txt [ Cookie:home2@adserver.doccheck.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QR7Y6JWM.txt [ Cookie:home2@tribalfusion.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTFVE28L.txt [ Cookie:home2@kundenbereich.plehn-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VYK7S06.txt [ Cookie:home2@ads.gamersmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\R4PWZU0R.txt [ Cookie:home2@partners.webmasterplan.com/art/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\N72S9M7R.txt [ Cookie:home2@www.gaypornofilme.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\046QR1XX.txt [ Cookie:home2@rawfuckclub.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5W8WZ51A.txt [ Cookie:home2@adulttextstories.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHWQ1BXZ.txt [ Cookie:home2@adinterax.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW4R9C6D.txt [ Cookie:home2@menofporn.dreamhosters.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\00KR3DKH.txt [ Cookie:home2@de.sitestat.com/otto-de/ottode-testcl/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VZ6FGH3.txt [ Cookie:home2@www.news4adults.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZI9JRI3.txt [ Cookie:home2@theblogofsex.blogspot.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\CH13T27F.txt [ Cookie:home2@gayporngossip.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OOVSK6IC.txt [ Cookie:home2@fidelity.rotator.hadj7.adjuggler.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\OULL7ZKS.txt [ Cookie:home2@machofucker.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IU6T0D9X.txt [ Cookie:home2@geobanner.sexfinder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\82FLFT8A.txt [ Cookie:home2@plehn-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KJ0K7IL.txt [ Cookie:home2@e2.emediate.se/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4U4KY0IT.txt [ Cookie:home2@banners.mennation.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OKLGUIA.txt [ Cookie:home2@gaypornotubexxx.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5VVSVR2X.txt [ Cookie:home2@a.banner.t-online.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SKL23ZNF.txt [ Cookie:home2@www.pornme.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PAZA41Y.txt [ Cookie:home2@www.traffective-tracking.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMRYSN3K.txt [ Cookie:home2@adserver.wolterskluwer.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\53VK6T22.txt [ Cookie:home2@berlinpornblog.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSPI7S2I.txt [ Cookie:home2@adformdsp.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELNTQ3PS.txt [ Cookie:home2@pornyep.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\4C8YITXI.txt [ Cookie:home2@adnetwork.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y0B73C5X.txt [ Cookie:home2@publishers.domainadvertising.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWL41JLQ.txt [ Cookie:home2@trafficjunky.xtube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTX4CB6O.txt [ Cookie:home2@bwr-media.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2EKSHW3D.txt [ Cookie:home2@libri.112.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\QTRT8E2C.txt [ Cookie:home2@www.googleadservices.com/pagead/conversion/1056095806/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHJBA2RL.txt [ Cookie:home2@tracking.dc-storm.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E7EJYBXE.txt [ Cookie:home2@accessbuch.tripod.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YR7T4I0R.txt [ Cookie:home2@gaypornpolice.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\IE5E6FRZ.txt [ Cookie:home2@lucidmedia.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPI7W285.txt [ Cookie:home2@adtech.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCX42D87.txt [ Cookie:home2@fr.sitestat.com/jpg/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\NAB5HLJK.txt [ Cookie:home2@accounts.google.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\E3YJ1F1C.txt [ Cookie:home2@fastclick.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\25J8338B.txt [ Cookie:home2@static.unister-adservices.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\L3XP7HZM.txt [ Cookie:home2@unister-adservices.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSF1G1K1.txt [ Cookie:home2@www.tnaflix.com/hardcore-porn/Gay-Men-Fucking/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\O344H9Y5.txt [ Cookie:home2@tracking.hostgator.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3NRFJ5Z.txt [ Cookie:home2@geobanner.xxxgaymatch.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9YSO1RUC.txt [ Cookie:home2@stats.messe-fn.de/piwik/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F08DDISU.txt [ Cookie:home2@hotgaysextube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GKJPTCDZ.txt [ Cookie:home2@torstardigital.122.2o7.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EGENNTO8.txt [ Cookie:home2@adserver.adreactor.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\18ZXC61N.txt [ Cookie:home2@www.sexkiste.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\57QW116T.txt [ Cookie:home2@homemadesextube.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7QM8VHCR.txt [ Cookie:home2@2mdn.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSIDM0NV.txt [ Cookie:home2@server.adformdsp.net/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\008U46CF.txt [ Cookie:home2@panzertraffic.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z55AR1KX.txt [ Cookie:home2@de.sitestat.com/ndr/ardsport/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XG08O5WU.txt [ Cookie:home2@filmpornohard.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV1FAOBE.txt [ Cookie:home2@violent.musicmakersexpo.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SN53X3SQ.txt [ Cookie:home2@ad6media.fr/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\2N0Q9QQ7.txt [ Cookie:home2@www.gayrealityporn.com/xcart ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\GA5XKR6B.txt [ Cookie:home2@tripod.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QWK7R02.txt [ Cookie:home2@webstats.online-spendensysteme.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9MAYDB0.txt [ Cookie:home2@horyzon-media.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQGFMFMU.txt [ Cookie:home2@banners.sexfinder.com/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLHOJ7O8.txt [ Cookie:home2@medianac.nacamar.de/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y3YZ1Y00.txt [ Cookie:home2@loadxxx.co.uk/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SF729U1V.txt [ Cookie:home2@www.gaybarebackpornmovies.com/dispatcher/ajax/ ]
	C:\USERS\HOME2\AppData\Roaming\Microsoft\Windows\Cookies\Low\66HTLUL1.txt [ Cookie:home2@2o7.net/ ]
	C:\USERS\HOME2\Cookies\5VQ5SM3M.txt [ Cookie:home2@smartadserver.com/ ]
	C:\USERS\HOME2\Cookies\home2@acronis.122.2o7[1].txt [ Cookie:home2@acronis.122.2o7.net/ ]
	C:\USERS\HOME2\Cookies\K1I2GVAM.txt [ Cookie:home2@doubleclick.net/ ]
	C:\USERS\HOME2\Cookies\Y0SM0BZF.txt [ Cookie:home2@ich.adscale.de/adserver-ich/ ]
	C:\USERS\HOME2\Cookies\home2@lxtraffic[2].txt [ Cookie:home2@lxtraffic.com/ ]
	C:\USERS\HOME2\Cookies\O94OVK0U.txt [ Cookie:home2@revsci.net/ ]
	C:\USERS\HOME2\Cookies\home2@de.sitestat[2].txt [ Cookie:home2@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS\HOME2\Cookies\ZAPBYP92.txt [ Cookie:home2@ad4.adfarm1.adition.com/ ]
	C:\USERS\HOME2\Cookies\EL0RVHKX.txt [ Cookie:home2@ad.adnet.de/ ]
	C:\USERS\HOME2\Cookies\HEM6URWT.txt [ Cookie:home2@adform.net/ ]
	C:\USERS\HOME2\Cookies\8DJ7IIL2.txt [ Cookie:home2@microsoftwllivemkt.112.2o7.net/ ]
	C:\USERS\HOME2\Cookies\XBCVC701.txt [ Cookie:home2@ad2.adfarm1.adition.com/ ]
	C:\USERS\HOME2\Cookies\home2@de.sitestat[1].txt [ Cookie:home2@de.sitestat.com/idgcom-de/pcwelt/ ]
	C:\USERS\HOME2\Cookies\01A0PKNE.txt [ Cookie:home2@specificclick.net/ ]
	C:\USERS\HOME2\Cookies\FP383K2R.txt [ Cookie:home2@eas.apm.emediate.eu/ ]
	C:\USERS\HOME2\Cookies\A43WX29G.txt [ Cookie:home2@atdmt.com/ ]
	C:\USERS\HOME2\Cookies\QF8N2N6V.txt [ Cookie:home2@www.zanox-affiliate.de/ ]
	C:\USERS\HOME2\Cookies\SGEHC50S.txt [ Cookie:home2@traffictrack.de/ ]
	C:\USERS\HOME2\Cookies\M75CC8KA.txt [ Cookie:home2@im.banner.t-online.de/ ]
	C:\USERS\HOME2\Cookies\D3RK9JL4.txt [ Cookie:home2@perf.overture.com/ ]
	C:\USERS\HOME2\Cookies\E2QCV5C3.txt [ Cookie:home2@track.adform.net/ ]
	C:\USERS\HOME2\Cookies\home2@tracking.mindshare[1].txt [ Cookie:home2@tracking.mindshare.de/ ]
	C:\USERS\HOME2\Cookies\SUUN43TT.txt [ Cookie:home2@de.sitestat.com/ndr/tagesschau/ ]
	C:\USERS\HOME2\Cookies\home2@advertising[1].txt [ Cookie:home2@advertising.com/ ]
	C:\USERS\HOME2\Cookies\9PUCYC1X.txt [ Cookie:home2@xiti.com/ ]
	C:\USERS\HOME2\Cookies\B1ZH271B.txt [ Cookie:home2@tradedoubler.com/ ]
	C:\USERS\HOME2\Cookies\IDI5T9D6.txt [ Cookie:home2@de.sitestat.com/ndr/ ]
	C:\USERS\HOME2\Cookies\68N8B7U7.txt [ Cookie:home2@apmebf.com/ ]
	C:\USERS\HOME2\Cookies\home2@www.etracker[1].txt [ Cookie:home2@www.etracker.de/ ]
	C:\USERS\HOME2\Cookies\L3TSK0VG.txt [ Cookie:home2@zanox-affiliate.de/ ]
	C:\USERS\HOME2\Cookies\home2@statse.webtrendslive[1].txt [ Cookie:home2@statse.webtrendslive.com/ ]
	.microsoftinternetexplorer.112.2o7.net [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\HOME2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Patchload
	C:\WINDOWS\INSTALLER\{90A40407-6000-11D3-8CFE-0150048383C9}\MISC.EXE
         
10 Externe Festplatte und USB Sticks sind geprüft.

11. Online Scanner
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fd2b81a8d07a3b489c4d44d41c1af3ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-10 10:28:33
# local_time=2012-07-11 12:28:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 364096 7178002 0 0
# compatibility_mode=5893 16776574 66 85 37183132 93582356 0 0
# compatibility_mode=8192 67108863 100 0 109 109 0 0
# scanned=345275
# found=5
# cleaned=5
# scan_time=6806
C:\Program Files (x86)\Yontoo\YontooIEClient.dll	a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Home2\AppData\Local\Temp\NOD5D81.tmp	a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\Home2\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe	Win32/Adware.Yontoo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
12 OTL
OTL.txt und Extras.txt al gezipte datei im Anhanh.
Der Platz hier im Thread reicht nicht mehr aus.

Ich konnte wegen Zeitmangels das Sytem noch nicht ausreichend testen. Ich hole es in Kürze nach und melde mich dann.

Nochmals herzlichen Dank und viele Grüße
Harald


Alt 11.07.2012, 10:29   #6
kira
/// Helfer-Team
 
GVU Trojaner und jetzt? - Standard

GVU Trojaner und jetzt?



** Lass dein System ein paar Tage noch unter Beobachtung, dann melde dich wieder und berichte
__________________
--> GVU Trojaner und jetzt?

Alt 19.07.2012, 17:47   #7
HaraldHH
 
GVU Trojaner und jetzt? - Icon17

GVU Trojaner und jetzt?



Hallo Kira, zwischenzeitlich sind 8 Tage vergangen und es sind keine Probleme mehr aufgetreten. Ich nehme an, dass das System wieder "sauber" ist. Ich habe McAfee schon seit einigen Jahren als Antivirenprogramm im Einsatz und werde auch regelmäßig mit Updates versorgt. Das gleiche gilt für die Microsoft-Produkte (Windows, Office..). Die Meldung "Ihr System ist sicher" scheint wohl nicht (mehr) zu stimmen. Was ist aus Deiner Sicht - außer den schon genannten Tipps - noch erforderlich, um das System sicherer zu machen? Vielen herzlichen Dank für Deine Bemühungen!!! Viele Grüße Harald

Antwort

Themen zu GVU Trojaner und jetzt?
adobe, alternate, autorun, babylon toolbar, babylontoolbar, bingbar, conduit, document, error, firefox, flash player, format, glom0, glom0_og.exe, gvu trojaner windows7, home, hängen, iexplore.exe, install.exe, intranet, logfile, microsoft office 2003, microsoft office word, phishing, richtlinie, rundll, search the web, searchscopes, security, senden, server, software, starmoney, svchost.exe, taskmanager, temp, temporär, trojaner, usb, wickel, windows, windows xp, wlan



Ähnliche Themen: GVU Trojaner und jetzt?


  1. ist mein Trojaner jetzt weg ?
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (3)
  2. Durch Biet-o-matic jetzt statt google startseite jetzt webssearches
    Plagegeister aller Art und deren Bekämpfung - 22.12.2014 (9)
  3. GVU Trojaner jetzt auch bei mir
    Log-Analyse und Auswertung - 01.06.2013 (19)
  4. Trojaner jetzt weg?
    Log-Analyse und Auswertung - 31.05.2013 (13)
  5. Trojaner gefunden was jetzt
    Log-Analyse und Auswertung - 23.05.2013 (13)
  6. Ist jetzt der Trojaner jetzt weg?
    Log-Analyse und Auswertung - 30.03.2013 (19)
  7. GVU Trojaner jetzt auch bei mir
    Log-Analyse und Auswertung - 06.07.2012 (11)
  8. Trojaner entfernt und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  9. BKA Trojaner jetzt auch bei mir
    Plagegeister aller Art und deren Bekämpfung - 11.01.2012 (2)
  10. BKA Trojaner - jetzt sauber?
    Log-Analyse und Auswertung - 05.09.2011 (32)
  11. Trojaner gelöscht... und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 18.09.2009 (3)
  12. ist der trojaner jetzt restlos weg?
    Mülltonne - 14.06.2008 (0)
  13. Trojaner jetzt wirklich weg??? oO
    Plagegeister aller Art und deren Bekämpfung - 02.07.2007 (2)
  14. Trojaner, formatiert und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 22.02.2007 (16)
  15. Ein Trojaner -und was jetzt?
    Plagegeister aller Art und deren Bekämpfung - 20.04.2006 (8)
  16. Escan Auswertung durch find.bat - und jetzt? Was muss ich jetzt machen???
    Log-Analyse und Auswertung - 06.02.2006 (6)
  17. trojaner dialer und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 01.06.2004 (7)

Zum Thema GVU Trojaner und jetzt? - Hallo zusammen, jetzt hat es mich auch erwischt. Die Webseite von der "GVU" mit der Zahlungsaufforderung habe ich erhalten. Der Taskmanager spricht nicht mehr an. Ich habe mit abgesicherten Modus - GVU Trojaner und jetzt?...
Archiv
Du betrachtest: GVU Trojaner und jetzt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.