
Pests of all kinds and how to combat them: Desinfec't 2012/Kaspersky finds Exploit.Java.CVE-2011-3544.** and Exploit.Java.CVE-2012-0507.**


10.06.2012, 21:51   #1
Bangalorean
 



Hello everyone,

I don't "really" have any concrete problems (apart from the machine freezing about once a week because the ESET virus scanner uses 100% CPU for hours and cannot be distracted by anything). We are talking about a Win7 Home 64-bit.

Anyway, this weekend I ran the current Desinfec't once again, and it actually found quite a bit.


The operating mode was:
  • Scan all attached drives (more on that later)
  • Examine archives and mail archives (or whatever exactly it is called)
  • Kaspersky scanner only
On the drives and the Kaspersky scanner: CPU and disk capacity are out of proportion; Kaspersky took about 20 hours for the ~300 GB root disk and still wasn't finished when I had to work on the computer again :-/ - and by then it presumably hadn't even started on the 2nd internal hard disk (500 GB) and the external one (1 TB). Even if it's not optimal, I'm now letting Desinfec't scan everything in a VirtualBox VM. At least a current ESET is running here. (edit: I suspect it's because of defogger that I currently can't start VirtualBox? That would be extremely inconvenient, normally I have three VMs running for work...)

Either way, here is the log file from Kaspersky/Desinfec't:

Code:
2012-06-10 00:07:40    Scan_Objects$0006         starting   1%         
; --- Settings ---
; Action on detect:    Disinfect automatically
; Scan objects:        All objects
; Try disinfect:    No
; Try delete:        No
; Try delete container:    No
; Exclude by mask:    No
; Include by mask:    No
; Objects to scan:    
;     "/media"    Enable=Yes    Recursive=Yes
; ------------------
2012-06-10 00:07:40    Scan_Objects$0006         running    1%         
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg    password protected
2012-06-10 01:15:28    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg    password protected
2012-06-10 01:15:29    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 02:07:02    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
2012-06-10 03:43:10    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 03:43:10    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    skipped
2012-06-10 03:43:11    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 03:43:11    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    skipped
2012-06-10 03:43:11    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 03:43:11    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    skipped
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    detected    Exploit.Java.CVE-2011-3544.mc
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    skipped
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    detected    Exploit.Java.CVE-2011-3544.ma
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    skipped
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    detected    Exploit.Java.CVE-2011-3544.md
2012-06-10 03:43:23    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    skipped
2012-06-10 03:43:27    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    detected    Exploit.Java.CVE-2012-0507.iz
2012-06-10 03:43:27    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    skipped
2012-06-10 03:43:27    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    detected    Exploit.Java.CVE-2012-0507.in
2012-06-10 03:43:27    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    skipped
2012-06-10 03:43:28    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 03:43:28    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    skipped
2012-06-10 03:43:28    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    detected    Exploit.Java.CVE-2011-3544.mu
2012-06-10 03:43:28    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    skipped
2012-06-10 03:43:29    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 03:43:29    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    skipped
2012-06-10 03:43:29    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 03:43:29    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    skipped
2012-06-10 03:43:34    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 03:43:34    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    skipped
2012-06-10 03:43:34    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 03:43:34    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    skipped
2012-06-10 04:32:00    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 04:32:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 04:32:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 04:32:04    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 04:32:04    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 04:32:04    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 04:32:04    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 04:32:04    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
2012-06-10 07:00:53    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg    password protected
2012-06-10 07:00:57    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg    password protected
2012-06-10 07:00:58    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 07:31:12    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
2012-06-10 08:53:53    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 08:53:53    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    skipped
2012-06-10 08:53:55    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 08:53:55    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    skipped
2012-06-10 08:53:56    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 08:53:56    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    skipped
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    detected    Exploit.Java.CVE-2011-3544.mc
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    skipped
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    detected    Exploit.Java.CVE-2011-3544.ma
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    skipped
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    detected    Exploit.Java.CVE-2011-3544.md
2012-06-10 08:54:07    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    skipped
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    detected    Exploit.Java.CVE-2012-0507.iz
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    skipped
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    detected    Exploit.Java.CVE-2012-0507.in
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    skipped
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 08:54:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    skipped
2012-06-10 08:54:13    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    detected    Exploit.Java.CVE-2011-3544.mu
2012-06-10 08:54:13    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    skipped
2012-06-10 08:54:14    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 08:54:14    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    skipped
2012-06-10 08:54:14    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 08:54:14    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    skipped
2012-06-10 08:54:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 08:54:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    skipped
2012-06-10 08:54:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 08:54:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    skipped
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 09:40:01    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg    password protected
2012-06-10 13:00:03    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.reg    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.reg    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip//sbRecovery.ini    password protected
2012-06-10 13:35:38    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch8.zip//sbRecovery.ini    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.reg    password protected
2012-06-10 13:35:39    /media/SIRIUS_ROOT/ProgramData/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip//sbRecovery.ini    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 14:13:03    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
2012-06-10 15:35:57    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 15:35:57    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/44bc4adf-4a8465f7//Dot.class    skipped
2012-06-10 15:36:00    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 15:36:00    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Help.class    skipped
2012-06-10 15:36:00    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 15:36:00    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/34/76a555a2-7625db3e//a/Test.class    skipped
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    detected    Exploit.Java.CVE-2011-3544.mc
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_a.class    skipped
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    detected    Exploit.Java.CVE-2011-3544.ma
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//Inc.class    skipped
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    detected    Exploit.Java.CVE-2011-3544.md
2012-06-10 15:36:12    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/51/5c4abab3-34eb095a//s_b.class    skipped
2012-06-10 15:36:16    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    detected    Exploit.Java.CVE-2012-0507.iz
2012-06-10 15:36:16    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/ta.class    skipped
2012-06-10 15:36:16    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    detected    Exploit.Java.CVE-2012-0507.in
2012-06-10 15:36:16    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/56/c63d6b8-175fdffe//ta/L.class    skipped
2012-06-10 15:36:17    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    detected    Exploit.Java.CVE-2011-3544.mm
2012-06-10 15:36:17    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/58/7e5d3dba-2469828c//Dot.class    skipped
2012-06-10 15:36:17    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    detected    Exploit.Java.CVE-2011-3544.mu
2012-06-10 15:36:17    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/59/4ca9867b-52cf019c//a/a.class    skipped
2012-06-10 15:36:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 15:36:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Help.class    skipped
2012-06-10 15:36:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    detected    Exploit.Java.CVE-2011-3544.mb
2012-06-10 15:36:19    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/361edabf-51abc6d4//a/Test.class    skipped
2012-06-10 15:36:24    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 15:36:24    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Help.class    skipped
2012-06-10 15:36:24    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    detected    Exploit.Java.CVE-2011-3544.lt
2012-06-10 15:36:24    /media/SIRIUS_ROOT/Users/(Username)/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/623b013-4eccfb3f//a/Test.class    skipped
2012-06-10 16:22:41    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/autocorrect.pxp//phrases.pxp    password protected
2012-06-10 16:22:41    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp//phrases.pxp    password protected
2012-06-10 16:22:41    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/clipboard.pxp.bak//phrases.pxp    password protected
2012-06-10 16:22:42    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp//phrases.pxp    password protected
2012-06-10 16:22:42    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/lastused.pxp.bak//phrases.pxp    password protected
2012-06-10 16:22:42    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp//phrases.pxp    password protected
2012-06-10 16:22:42    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/phrases.pxp.bak//phrases.pxp    password protected
2012-06-10 16:22:42    /media/SIRIUS_ROOT/Users/(Username)/Documents/PhraseExpress/words.pal//words.pal    password protected
         
I already have an OTL.txt and an Extras.txt as well; they are attached.

And now I'll wait and see what happens. The walkthroughs in other people's threads were fascinatingly detailed; I'm curious and, as far as the occasion allows, looking forward to learning something.

Thanks and best regards,

Bangalorean (who does not live in Bangalore)

... and while we're at it, here is the log file from Malwarebytes Anti-Malware as well. I had the three "finds" deleted; they are still in quarantine.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.06.11.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(Username) :: SIRIUS [Administrator]
 
Schutz: Aktiviert
 
11.06.2012 15:26:37
mbam-log-2012-06-11 (15-31-45).txt
 
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264288
Laufzeit: 4 Minute(n), 29 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
 
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
 
(Ende)
         

13.06.2012, 10:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please have Malwarebytes remove all of the finds, so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove ANYTHING from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

13.06.2012, 12:11   #3
Bangalorean
 

Hello Arne,

first of all: many, many thanks for looking into this. I have to admit I had already stopped believing anyone would, and consequently I probably did a few stupid things:

In the meantime I have turned defogger off again and removed the suspicious files by hand (strictly speaking, I deleted the entire Java class cache). I sincerely apologize.

What I consider less stupid: the external disk is currently next door on the laptop, being run through the four virus scanners of Desinfec't 2012 (no findings so far, only Kaspersky crashes for lack of memory - the laptop is somewhat older...).

So I'm starting again from the very beginning:
  • external hard disk back on the desktop
  • install this week's Microsoft patches, right?
  • defogger on.
  • Run Malwarebytes. My "resident" Eset virus scanner stays on while doing so (right?)
  • Download and install Eset online scanner, then disconnect the network, then switch off the "resident" virus scanner (right?)
  • Run Eset online scanner
  • Switch the "resident" scanner back on
  • Restore the network connection
  • Post the log files from Malwarebytes and Eset online here.

I myself can still be reached in the forum via the laptop, in case one of the "right?"s above was wrong. The Malwarebytes scan will take a while anyway, I suspect. As soon as all of that is done, I'll report back here with the log files.
Many thanks again!!!

Good morning, Arne, good morning everyone!

Without further ado, here we go:
I have two "old" Malwarebytes log files: here is the one from Monday; I put the three registry keys into quarantine in Malwarebytes, and they are still there. It was a quick scan with defogger switched on (i.e. with the file system drivers disabled)
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]

Schutz: Aktiviert

11.06.2012 15:26:37
mbam-log-2012-06-11 (15-31-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264288
Laufzeit: 4 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
A full scan was running just when I found your post. The USB hard disk was not connected and defogger was off. I had also forgotten to update Malwarebytes.

I then aborted the scan. Here is the log file for the aborted scan:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]

Schutz: Aktiviert

13.06.2012 10:25:16
mbam-log-2012-06-13 (10-25-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 575883
Laufzeit: 2 Stunde(n), 21 Minute(n), 53 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

These are the Malwarebytes scan results for the internal hard disks, from a scan following your instructions (defogger on).

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]

Schutz: Aktiviert

13.06.2012 14:33:06
mbam-log-2012-06-13 (14-33-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1061015
Laufzeit: 3 Stunde(n), 12 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
... and because for some reason it had not included the USB hard disk, here is a separate scan log for the USB disk (defogger still on, full scan):

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]

Schutz: Aktiviert

13.06.2012 18:16:21
mbam-log-2012-06-13 (18-16-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302891
Laufzeit: 26 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Last but not least, the log from the ESet online scanner. I aborted and restarted the online scanner several times, because I was not sure whether it copes without a network connection, and the scanner took almost 10 minutes at low CPU usage on one of the first files before the next sign of life appeared.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 06:02:40
# local_time=2012-06-13 08:02:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31407672 91240235 0 0
# compatibility_mode=8204 39157181 100 73 17857 8486375 0 0
# scanned=100
# found=0
# cleaned=0
# scan_time=174
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 06:14:53
# local_time=2012-06-13 08:14:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31407893 91240456 0 0
# compatibility_mode=8204 39157181 100 73 69 8486596 0 0
# scanned=100
# found=0
# cleaned=0
# scan_time=687
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4d091060c5f144a9446dee2c9f732b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-14 01:22:30
# local_time=2012-06-14 03:22:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 31408629 91241192 0 0
# compatibility_mode=8204 39157181 100 73 805 8487332 0 0
# scanned=906383
# found=1
# cleaned=0
# scan_time=25608
# nod_component=V3 Build:0x30000000
C:\Users\(***)\AppData\Local\Temp\jar_cache1939122487030792993.tmp	Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
         
... and now I'm curious how this continues. Thank you very much for your commitment!

Best regards!

18.06.2012, 10:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the box at the top center next to Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labeled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt into your thread here
__________________
Please always post log files in CODE tags

18.06.2012, 16:43   #5
Bangalorean
 

Here we go then: defogger was still on, although I had closed the application for the scan, as well as the browser. The virus scanner I had merely switched off.

Here is the OTL.txt. An "Extras.txt" was apparently not created.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.06.2012 16:51:03 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\(***)\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 67,57% Memory free
16,00 Gb Paging File | 13,48 Gb Available in Paging File | 84,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 38,51 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 372,06 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive L: | 465,63 Gb Total Space | 354,26 Gb Free Space | 76,08% Space Free | Partition Type: NTFS
Drive N: | 938,74 Gb Total Space | 901,14 Gb Free Space | 95,99% Space Free | Partition Type: NTFS
 
Computer Name: SIRIUS | User Name: (***) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.01 12:43:40 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2010.02.01 11:38:24 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
PRC - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.09 22:17:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 22:17:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.09 22:16:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.09 22:16:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 22:16:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 22:16:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 22:16:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011.10.01 12:43:30 | 000,368,640 | ---- | M] () -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 19:58:23 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.07.11 12:27:24 | 000,400,896 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQDEVCL.DLL
MOD - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe
MOD - [2007.06.24 15:14:52 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMDLL.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 01:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2012.06.06 15:45:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 19:21:52 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.12 22:16:08 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.11.16 02:32:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.04.02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.24 01:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.08 05:15:36 | 000,013,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.21 13:03:00 | 000,199,752 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\SysNative\drivers\uiwbrdr.SYS -- (uiwbrdr)
DRV:64bit: - [2011.10.01 12:43:36 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.16 21:15:56 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2010.04.17 22:02:15 | 000,698,376 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2010.04.17 22:02:15 | 000,024,200 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010.04.16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.11.05 11:48:16 | 000,655,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.11.05 11:48:16 | 000,624,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.28 00:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.08.24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 20:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.05.31 11:22:08 | 000,175,880 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHF51A.sys -- (SaiHF51A)
DRV:64bit: - [2007.05.31 11:22:08 | 000,034,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiUF51A.sys -- (SaiUF51A)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.23 15:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006.11.16 15:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.08.02 11:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ACRUSBTM.SYS -- (ACRUSBTM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A2 F1 98 08 5B CA 01  [binary data]
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes,DefaultScope = {FC5B11C2-26A9-444D-9AA9-D657B68B6071}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{FC5B11C2-26A9-444D-9AA9-D657B68B6071}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\(***)\AppData\Roaming\5059
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
 
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions
[2009.12.08 22:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9}
[2012.06.02 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions
[2010.04.28 12:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.16 21:36:57 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.12.15 08:52:05 | 000,000,000 | ---D | M] (Niche Watch Tool) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
[2012.03.23 18:23:52 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2012.03.30 14:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.11.01 19:46:07 | 000,000,000 | ---D | M] (hideBad) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{be7e016e-4aea-4690-b59f-094890f69cce}
[2010.12.14 01:17:52 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.03.25 21:55:44 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ctrl-tab@design-noir.de
[2012.01.05 15:20:04 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ext@sprng.me
[2012.05.15 00:04:24 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\fb_add_on@avm.de
[2012.04.03 23:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.23 09:19:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.06 15:45:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012.03.14 09:11:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: HootSuite Hootlet = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\1.5_0\
CHR - Extension: trunk.ly favorite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgfkgdojgojfgdnojldcnpojocgipim\0.19_0\
CHR - Extension: Cortex = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc\1.6.7_0\
CHR - Extension: Antworten und Mehr f\u00FCr Google+ = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea\1.52_0\
CHR - Extension: Instachrome = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldildgghjoohccppflaohodcnmlacpb\1.5.7.1_0\
CHR - Extension: Toggl = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\idlodjlnhgndgamohpahdopfchaepgfl\1_0\
CHR - Extension: Disconnect = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.4.0_0\
CHR - Extension: HootSuite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Keyword Eye = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpecgnnihjbhfanlonlcpifjcdhpfhjm\1.1_0\
CHR - Extension: G+me f\u00FCr Google Plus\u2122 = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacdcllhgpddmlnhajiacfakhlilbicp\6.0.3_0\
CHR - Extension: Do Share = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf\2.1.4_0\
 
O1 HOSTS File: ([2012.01.04 18:52:55 | 000,440,010 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15127 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001..\Run: [AVMUSBFernanschluss] C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..Trusted Domains: deutschepost.de ([internetmarke] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40118.6503240741 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE83CE6-3E5B-4FFB-90BD-DF1CC0D7619B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 12:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.13 12:51:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:16:40 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Local\Macromedia
[2012.06.11 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Malwarebytes
[2012.06.11 15:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 19:33:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 00:10:16 | 000,000,000 | ---D | C] -- C:\Users\(***)\iMapping
[2012.06.01 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMapping
[2012.05.24 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 16:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 16:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 09:29:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.17 23:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 14:13:53 | 000,000,000 | ---- | M] () -- C:\Users\(***)\defogger_reenable
[2012.06.13 14:05:19 | 000,452,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 14:04:44 | 2147,033,087 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 13:55:29 | 001,642,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 13:55:29 | 000,699,752 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 13:55:29 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 13:55:29 | 000,148,988 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 13:55:29 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 12:51:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:20:50 | 000,001,303 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012.06.13 00:39:10 | 000,012,333 | ---- | M] () -- C:\Users\(***)\.bash_history
[2012.06.12 06:26:30 | 000,002,407 | ---- | M] () -- C:\Users\(***)\Desktop\Google Chrome.lnk
[2012.06.11 15:25:43 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 22:55:01 | 000,044,361 | ---- | M] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.09 16:42:12 | 000,000,600 | ---- | M] () -- C:\Users\(***)\AppData\Local\PUTTY.RND
[2012.06.05 18:23:33 | 001,091,159 | ---- | M] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | M] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.13 14:13:53 | 000,000,000 | ---- | C] () -- C:\Users\(***)\defogger_reenable
[2012.06.11 15:25:43 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 22:55:00 | 000,044,361 | ---- | C] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.05 18:23:29 | 001,091,159 | ---- | C] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | C] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.05.15 09:28:08 | 000,038,447 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.04.09 22:12:44 | 000,001,153 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\.ptbt1
[2012.02.27 11:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.12.14 18:15:24 | 000,000,018 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\blckdom.res
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.16 08:43:53 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.06.13 19:00:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\ACRUSBTM.SYS
[2011.06.10 21:15:43 | 001,598,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.01 21:44:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.01.29 13:34:16 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.10.11 17:06:05 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx151ic.ini
[2010.08.22 13:25:15 | 000,012,693 | ---- | C] () -- C:\Windows\scunin.dat
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team
[2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT
[2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon
[2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer
[2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software
[2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity
[2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery
[2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot
[2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent
[2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge
[2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre
[2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign
[2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1
[2009.11.02 08:39:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1
[2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano
[2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox
[2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software
[2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster
[2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress
[2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla
[2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!
[2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo
[2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go
[2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0
[2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe
[2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft
[2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios
[2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient
[2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ
[2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft
[2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView
[2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage
[2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum
[2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware
[2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey
[2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio
[2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA
[2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy
[2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Opera
[2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH
[2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software
[2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite
[2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress
[2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway
[2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom
[2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee
[2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus
[2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland
[2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker
[2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg
[2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion
[2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec
[2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus
[2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird
[2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3
[2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft
[2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2
[2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar
[2010.05.02 00:24:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE
[2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
[2010.11.28 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.11.28 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2011.04.20 20:11:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team
[2009.12.20 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ABBYY
[2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT
[2012.01.22 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Adobe
[2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon
[2012.03.17 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Apple Computer
[2009.12.13 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AppleTV&More
[2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer
[2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software
[2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity
[2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery
[2011.06.21 07:21:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AVS4YOU
[2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot
[2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent
[2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge
[2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre
[2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign
[2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1
[2009.11.02 08:39:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1
[2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano
[2010.04.28 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DivX
[2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox
[2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software
[2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster
[2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress
[2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla
[2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!
[2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo
[2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go
[2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0
[2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe
[2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft
[2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios
[2012.01.22 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Help
[2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient
[2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ
[2009.11.01 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Identities
[2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft
[2010.12.02 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\InstallShield
[2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView
[2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage
[2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum
[2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware
[2012.01.22 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Macromedia
[2012.06.11 15:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Malwarebytes
[2012.01.22 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Center Programs
[2012.01.22 14:30:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Player Classic
[2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey
[2012.05.16 13:51:20 | 000,000,000 | --SD | M] -- C:\Users\(***)\AppData\Roaming\Microsoft
[2012.06.17 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Mozilla
[2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio
[2011.04.20 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Nero
[2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA
[2011.10.22 00:23:56 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NVIDIA
[2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy
[2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Opera
[2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH
[2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software
[2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite
[2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress
[2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway
[2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom
[2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee
[2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus
[2012.06.04 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Skype
[2011.11.18 09:08:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\skypePM
[2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland
[2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker
[2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg
[2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion
[2009.11.01 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Talkback
[2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec
[2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus
[2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird
[2011.06.08 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TortoiseSVN
[2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3
[2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft
[2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2
[2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar
[2010.05.02 00:24:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE
[2012.06.13 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTablet
[2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.12.18 14:24:49 | 000,284,160 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_de.exe
[2011.12.18 14:24:49 | 000,282,624 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_en.exe
[2009.12.29 14:17:06 | 003,014,000 | ---- | M] (ASCOMP Software GmbH                                        ) -- C:\Users\(***)\AppData\Roaming\ASCOMP Software\HDD-Booster\hddboost.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.04.02 08:03:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007.07.17 07:23:00 | 003,553,680 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe
[2010.05.29 21:38:08 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2010.12.04 00:08:35 | 000,004,710 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}\ARPPRODUCTICON.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_02506422F3D2BE4CA37487.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_267C690D0AFBAADCB8FC6B.exe
[2011.07.14 00:27:10 | 000,010,134 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_4F0256E95A66B02112203A.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe
[2009.11.29 19:44:47 | 000,029,926 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2012.04.17 19:42:39 | 000,031,232 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{8505C641-422E-4E3C-B6B0-0F070E289FDD}\Icon8505C6411.exe
[2011.08.10 00:21:30 | 028,982,144 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\(***)\AppData\Roaming\OpenCandy\30B3F734FEE94F99877E9994E73B89B4\TuneUpInst-2.2.1-cmp218.exe
[2012.06.05 16:29:48 | 004,873,272 | ---- | M] (Heiko Sommerfeldt                                           ) -- C:\Users\(***)\AppData\Roaming\PhonerLite\PhonerLiteSetup.exe
[2007.11.28 13:03:40 | 000,523,776 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\SoftMaker\smun3250.exe
 
< %SYSTEMDRIVE%\*.exe >
[2004.03.10 23:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:E4421082D031DC8B

< End of report >
         
--- --- ---


18.06.2012, 20:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A2 F1 98 08 5B CA 01  [binary data]
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes,DefaultScope = {FC5B11C2-26A9-444D-9AA9-D657B68B6071}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}: "URL" = http://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - user.js - File not found
[2010.04.28 12:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2004.03.10 23:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
@Alternate Data Stream - 48 bytes -> C:\Windows:E4421082D031DC8B
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used anywhere else, because it can cause lasting damage to the system!

18.06.2012, 21:45   #7
Bangalorean
 

OK, on we go. Here is the log file after the OTL fix, after the restart:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
C:\Users\(***)\AppData\Roaming\xmldm folder moved successfully.
C:\Users\(***)\AppData\Roaming\kock folder moved successfully.
C:\Users\(***)\AppData\Roaming\UAs folder moved successfully.
C:\catgen.exe moved successfully.
ADS C:\Windows:E4421082D031DC8B deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: (***)
->Temp folder emptied: 4200640459 bytes
->Temporary Internet Files folder emptied: 357706362 bytes
->Java cache emptied: 122806 bytes
->FireFox cache emptied: 815435857 bytes
->Google Chrome cache emptied: 375436427 bytes
->Apple Safari cache emptied: 4140032 bytes
->Opera cache emptied: 7087512 bytes
->Flash cache emptied: 4022430 bytes
 
User: (****)
->Temp folder emptied: 35300 bytes
->Temporary Internet Files folder emptied: 6845366 bytes
->Flash cache emptied: 56504 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2035712 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1321786703 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 643231284 bytes
 
Total Files Cleaned = 7.380,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: (***)
->Flash cache emptied: 0 bytes
 
User: (****)
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_222521

Files\Folders moved on Reboot...
C:\Users\(***)\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Many, many thanks!

I suspect some kind of scan run comes next, to make sure as well as possible that everything worked. Right?

Bangalorean
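One way to read a fix log like the one in the post above, as an added example that is not part of the thread and not OTL's own code: the Python below classifies each line of the `OTL` section by outcome and marks a "not found" as already handled when the same target was deleted or moved earlier in the run (as happens with the `MountPoints2\L` key). The outcome phrases are taken from the log lines in this thread; the function names and the one line marked CONSTRUCTED are assumptions of this example.

```python
from collections import Counter

# Lines copied from the fix log in this thread, plus ONE constructed line
# (marked CONSTRUCTED) whose outcome text the parser does not know.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
C:\Users\(***)\AppData\Roaming\xmldm folder moved successfully.
C:\catgen.exe moved successfully.
ADS C:\Windows:E4421082D031DC8B deleted successfully.
C:\constructed-example\item.bin CONSTRUCTED LINE with an unknown outcome
========== COMMANDS ==========
[EMPTYTEMP]
"""

# Outcome phrases exactly as they end the log lines above.
OUTCOMES = [
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" : value set successfully!", "value set"),
    (" not found.", "not found"),
]

# Prefixes the log puts in front of some targets.
PREFIXES = [
    ("Registry key ", "registry key"),
    ("Registry value ", "registry value"),
    ("ADS ", "alternate data stream"),
    ("File ", "file"),
]


def parse_line(line):
    """Return (kind, target, outcome), or None if no known outcome phrase ends the line."""
    line = line.strip()
    for suffix, outcome in OUTCOMES:
        if line.endswith(suffix):
            target = line[: -len(suffix)]
            break
    else:
        return None
    for prefix, kind in PREFIXES:
        if target.startswith(prefix):
            return kind, target[len(prefix):], outcome
    if outcome == "value set":
        # "<key>\\<value>| /E" or "<key>\\<value>|DWORD:1 /E": keep the part before "|".
        return "registry value", target.split("|", 1)[0], outcome
    if target.endswith(" folder"):
        return "folder", target[: -len(" folder")], outcome
    return "file", target, outcome


def summarize(log_text):
    """Tally outcomes in the '========== OTL ==========' section of a fix log."""
    counts, handled = Counter(), set()
    not_found, unrecognized = [], []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=========="):
            # Only the OTL section lists per-item fix results.
            in_section = line.strip("= ") == "OTL"
            continue
        if not in_section:
            continue
        parsed = parse_line(line)
        if parsed is None:
            unrecognized.append(line)  # needs a human look
            continue
        kind, target, outcome = parsed
        counts[outcome] += 1
        if outcome == "not found":
            # True when this run already deleted or moved the same target.
            not_found.append((kind, target, (kind, target) in handled))
        else:
            handled.add((kind, target))
    return {"counts": counts, "not_found": not_found, "unrecognized": unrecognized}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(dict(result["counts"]))
    for kind, target, already in result["not_found"]:
        note = "already handled in this run" if already else "was not present"
        print(f"not found ({note}): {kind} {target}")
    for line in result["unrecognized"]:
        print("review manually:", line)
```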

18.06.2012, 21:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, more or less
We also still have to check for rootkits and, for example, examine the MBR

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
Please always post log files in CODE tags
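One way to triage the TDSSKiller report requested in the post above, as an added example that is not part of the thread and not Kaspersky's code: the Python below pairs each scanned object with its verdict line and reports verdicts other than `ok`, objects that have a verdict but no file record, and objects whose verdict is missing because the log was cut off. The line format follows the log posted later in this thread (whitespace normalised); the function names, the `ExampleSvc` entry and its `warning` verdict are constructed assumptions, since the excerpt on this page only shows `ok`.

```python
import re

# Lines in the format of the TDSSKiller log posted in this thread. The two
# ExampleSvc lines are CONSTRUCTED (hypothetical service, placeholder hash).
SAMPLE_LOG = r"""
23:53:52.0797 4612  Scan started
23:53:52.0797 4612  Mode: Manual; SigCheck; TDLFS;
23:53:53.0795 4612  1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:53:53.0889 4612  1394ohci - ok
23:53:54.0357 4612  ACRUSBTM - ok
23:53:56.0244 4612  Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:53:56.0260 4612  Apple Mobile Device - ok
23:53:57.0000 4612  ExampleSvc      (00000000000000000000000000000000) C:\constructed\example.sys
23:53:57.0001 4612  ExampleSvc - warning
23:54:04.0045 4612  EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object that is about to be checked
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>": the result for that object
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: scan mode, flagged objects and gaps."""
    mode, flagged, no_file = [], [], []
    pending = {}          # name -> (md5, path), waiting for its verdict line
    verdicts = 0
    scanning = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue      # system and drive information before the scan
        if msg.startswith("Mode:"):
            # Records which scan options were enabled for this run.
            mode = [p.strip() for p in msg[len("Mode:"):].split(";") if p.strip()]
            continue
        obj = OBJECT.match(msg)
        if obj:
            pending[obj.group("name")] = (obj.group("md5").lower(), obj.group("path"))
            continue
        ver = VERDICT.match(msg)
        if ver:
            verdicts += 1
            name, verdict = ver.group("name"), ver.group("verdict").lower()
            info = pending.pop(name, None)
            if info is None:
                # Service entry without a file record (e.g. ACRUSBTM above).
                no_file.append(name)
                info = (None, None)
            if verdict != "ok":
                flagged.append((name, verdict, info[0], info[1]))
    return {
        "mode": mode,
        "verdicts": verdicts,
        "flagged": flagged,            # post these, do not delete anything
        "no_file": no_file,
        "unfinished": list(pending),   # object seen, verdict missing: log cut off?
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("scan options:", ", ".join(report["mode"]))
    print("objects with a verdict:", report["verdicts"])
    for name, verdict, md5, path in report["flagged"]:
        print(f"FLAGGED {name}: {verdict} ({md5}) {path}")
    print("verdict without file record:", report["no_file"])
    print("no verdict in log:", report["unfinished"])
```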

18.06.2012, 22:23   #9
Bangalorean
 

Hello Arne,

by "normal mode" do you mean the opposite of admin mode?
i.e. User Account Control asks whether I want to run TDSS as admin.
Yes or no?

Thanks!
Josef

Here is the log from TDSSKiller.

Code:
23:53:15.0756 3492	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:53:15.0912 3492	============================================================
23:53:15.0912 3492	Current date / time: 2012/06/18 23:53:15.0912
23:53:15.0912 3492	SystemInfo:
23:53:15.0912 3492	
23:53:15.0912 3492	OS Version: 6.1.7601 ServicePack: 1.0
23:53:15.0912 3492	Product type: Workstation
23:53:15.0912 3492	ComputerName: SIRIUS
23:53:15.0912 3492	UserName: (***)
23:53:15.0912 3492	Windows directory: C:\Windows
23:53:15.0912 3492	System windows directory: C:\Windows
23:53:15.0912 3492	Running under WOW64
23:53:15.0912 3492	Processor architecture: Intel x64
23:53:15.0912 3492	Number of processors: 2
23:53:15.0912 3492	Page size: 0x1000
23:53:15.0912 3492	Boot type: Normal boot
23:53:15.0912 3492	============================================================
23:53:16.0567 3492	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:53:16.0567 3492	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:53:16.0567 3492	Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:53:22.0770 3492	============================================================
23:53:22.0770 3492	\Device\Harddisk1\DR1:
23:53:22.0770 3492	MBR partitions:
23:53:22.0770 3492	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:53:22.0770 3492	\Device\Harddisk0\DR0:
23:53:22.0770 3492	GPT partitions:
23:53:22.0772 3492	\Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B47BB0D5-BBC4-46F3-A7F0-ECF8CC0BCDAD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
23:53:22.0772 3492	\Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6B5596DD-494A-41E4-B3B6-FDFFB75C3619}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3A345000
23:53:22.0772 3492	MBR partitions:
23:53:22.0772 3492	\Device\Harddisk2\DR2:
23:53:24.0710 3492	MBR partitions:
23:53:24.0710 3492	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
23:53:24.0710 3492	============================================================
23:53:24.0803 3492	C: <-> \Device\Harddisk1\DR1\Partition0
23:53:24.0913 3492	E: <-> \Device\Harddisk2\DR2\Partition0
23:53:24.0913 3492	L: <-> \Device\Harddisk0\DR0\Partition1
23:53:24.0913 3492	============================================================
23:53:24.0913 3492	Initialize success
23:53:24.0913 3492	============================================================
23:53:52.0797 4612	============================================================
23:53:52.0797 4612	Scan started
23:53:52.0797 4612	Mode: Manual; SigCheck; TDLFS; 
23:53:52.0797 4612	============================================================
23:53:53.0795 4612	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:53:53.0889 4612	1394ohci - ok
23:53:54.0076 4612	ABBYY.Licensing.FineReader.Professional.10.0 (309e130e78baf666d65395d950f30885) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
23:53:54.0091 4612	ABBYY.Licensing.FineReader.Professional.10.0 - ok
23:53:54.0169 4612	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:53:54.0185 4612	ACPI - ok
23:53:54.0232 4612	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:53:54.0325 4612	AcpiPmi - ok
23:53:54.0357 4612	ACRUSBTM - ok
23:53:54.0450 4612	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:53:54.0466 4612	AdobeARMservice - ok
23:53:54.0544 4612	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:53:54.0575 4612	adp94xx - ok
23:53:54.0606 4612	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:53:54.0622 4612	adpahci - ok
23:53:54.0653 4612	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:53:54.0653 4612	adpu320 - ok
23:53:54.0715 4612	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:53:54.0856 4612	AeLookupSvc - ok
23:53:54.0949 4612	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:53:55.0012 4612	AFD - ok
23:53:55.0059 4612	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:53:55.0059 4612	agp440 - ok
23:53:55.0090 4612	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:53:55.0152 4612	ALG - ok
23:53:55.0199 4612	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:53:55.0199 4612	aliide - ok
23:53:55.0215 4612	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:53:55.0230 4612	amdide - ok
23:53:55.0293 4612	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:53:55.0324 4612	AmdK8 - ok
23:53:55.0324 4612	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:53:55.0355 4612	AmdPPM - ok
23:53:55.0433 4612	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:53:55.0449 4612	amdsata - ok
23:53:55.0464 4612	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:53:55.0480 4612	amdsbs - ok
23:53:55.0527 4612	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:53:55.0527 4612	amdxata - ok
23:53:55.0589 4612	AnyDVD          (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
23:53:55.0620 4612	AnyDVD - ok
23:53:55.0683 4612	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:53:55.0839 4612	AppID - ok
23:53:55.0870 4612	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:53:55.0948 4612	AppIDSvc - ok
23:53:56.0010 4612	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:53:56.0057 4612	Appinfo - ok
23:53:56.0244 4612	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:53:56.0260 4612	Apple Mobile Device - ok
23:53:56.0307 4612	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:53:56.0307 4612	arc - ok
23:53:56.0322 4612	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:53:56.0338 4612	arcsas - ok
23:53:56.0556 4612	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:53:56.0587 4612	aspnet_state - ok
23:53:56.0619 4612	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:53:56.0681 4612	AsyncMac - ok
23:53:56.0712 4612	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:53:56.0728 4612	atapi - ok
23:53:56.0806 4612	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:53:56.0868 4612	AudioEndpointBuilder - ok
23:53:56.0884 4612	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:53:56.0915 4612	AudioSrv - ok
23:53:56.0993 4612	avmaudio        (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
23:53:57.0055 4612	avmaudio - ok
23:53:57.0118 4612	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:53:57.0196 4612	AxInstSV - ok
23:53:57.0258 4612	azvusb          (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys
23:53:57.0305 4612	azvusb - ok
23:53:57.0367 4612	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:53:57.0414 4612	b06bdrv - ok
23:53:57.0508 4612	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:53:57.0555 4612	b57nd60a - ok
23:53:57.0633 4612	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:53:57.0648 4612	BDESVC - ok
23:53:57.0679 4612	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:53:57.0742 4612	Beep - ok
23:53:57.0820 4612	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:53:57.0867 4612	BFE - ok
23:53:57.0946 4612	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:53:58.0008 4612	BITS - ok
23:53:58.0086 4612	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:53:58.0117 4612	blbdrive - ok
23:53:58.0289 4612	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:53:58.0304 4612	Bonjour Service - ok
23:53:58.0351 4612	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:53:58.0414 4612	bowser - ok
23:53:58.0460 4612	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:53:58.0492 4612	BrFiltLo - ok
23:53:58.0507 4612	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:53:58.0523 4612	BrFiltUp - ok
23:53:58.0570 4612	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:53:58.0632 4612	Browser - ok
23:53:58.0663 4612	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:53:58.0741 4612	Brserid - ok
23:53:58.0741 4612	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:53:58.0788 4612	BrSerWdm - ok
23:53:58.0804 4612	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:53:58.0835 4612	BrUsbMdm - ok
23:53:58.0850 4612	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:53:58.0897 4612	BrUsbSer - ok
23:53:58.0913 4612	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:53:58.0944 4612	BTHMODEM - ok
23:53:59.0006 4612	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:53:59.0053 4612	bthserv - ok
23:53:59.0178 4612	camdrv42        (19c8e65dc74d8240c3c8be0f8751b17e) C:\Windows\system32\DRIVERS\camdrv42.sys
23:53:59.0240 4612	camdrv42 - ok
23:53:59.0412 4612	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:53:59.0443 4612	cdfs - ok
23:53:59.0506 4612	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:53:59.0537 4612	cdrom - ok
23:53:59.0599 4612	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:53:59.0662 4612	CertPropSvc - ok
23:53:59.0693 4612	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:53:59.0724 4612	circlass - ok
23:53:59.0771 4612	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:53:59.0786 4612	CLFS - ok
23:53:59.0896 4612	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:53:59.0911 4612	clr_optimization_v2.0.50727_32 - ok
23:53:59.0942 4612	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:53:59.0958 4612	clr_optimization_v2.0.50727_64 - ok
23:54:00.0036 4612	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:54:00.0114 4612	clr_optimization_v4.0.30319_32 - ok
23:54:00.0161 4612	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:54:00.0192 4612	clr_optimization_v4.0.30319_64 - ok
23:54:00.0270 4612	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:54:00.0286 4612	CmBatt - ok
23:54:00.0332 4612	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:54:00.0348 4612	cmdide - ok
23:54:00.0410 4612	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:54:00.0426 4612	CNG - ok
23:54:00.0457 4612	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:54:00.0473 4612	Compbatt - ok
23:54:00.0520 4612	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:54:00.0551 4612	CompositeBus - ok
23:54:00.0551 4612	COMSysApp - ok
23:54:00.0566 4612	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:54:00.0582 4612	crcdisk - ok
23:54:00.0644 4612	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:54:00.0691 4612	CryptSvc - ok
23:54:00.0769 4612	ctxusbm         (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
23:54:00.0769 4612	ctxusbm - ok
23:54:00.0847 4612	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:54:00.0910 4612	DcomLaunch - ok
23:54:00.0956 4612	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:54:01.0003 4612	defragsvc - ok
23:54:01.0066 4612	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:54:01.0128 4612	DfsC - ok
23:54:01.0190 4612	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:54:01.0222 4612	Dhcp - ok
23:54:01.0268 4612	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:54:01.0331 4612	discache - ok
23:54:01.0378 4612	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:54:01.0393 4612	Disk - ok
23:54:01.0409 4612	DlinkUDSMBus - ok
23:54:01.0471 4612	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:54:01.0534 4612	Dnscache - ok
23:54:01.0596 4612	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:54:01.0690 4612	dot3svc - ok
23:54:01.0736 4612	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:54:01.0768 4612	Dot4 - ok
23:54:01.0846 4612	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:54:01.0861 4612	Dot4Print - ok
23:54:01.0908 4612	Dot4Scan        (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys
23:54:01.0939 4612	Dot4Scan - ok
23:54:01.0986 4612	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:54:02.0017 4612	dot4usb - ok
23:54:02.0064 4612	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:54:02.0111 4612	DPS - ok
23:54:02.0142 4612	DRHARD - ok
23:54:02.0220 4612	DRHARD64        (d62d1103d49f115b2ff765e638aab36e) C:\Windows\system32\drivers\DRHARD64.sys
23:54:02.0236 4612	DRHARD64 - ok
23:54:02.0251 4612	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:54:02.0282 4612	drmkaud - ok
23:54:02.0376 4612	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:54:02.0392 4612	DXGKrnl - ok
23:54:02.0470 4612	eamonm          (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
23:54:02.0470 4612	eamonm - ok
23:54:02.0516 4612	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:54:02.0579 4612	EapHost - ok
23:54:02.0735 4612	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:54:02.0813 4612	ebdrv - ok
23:54:02.0953 4612	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:54:03.0016 4612	EFS - ok
23:54:03.0125 4612	ehdrv           (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
23:54:03.0140 4612	ehdrv - ok
23:54:03.0218 4612	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:54:03.0250 4612	ehRecvr - ok
23:54:03.0312 4612	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:54:03.0343 4612	ehSched - ok
23:54:03.0546 4612	ekrn            (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
23:54:03.0562 4612	ekrn - ok
23:54:03.0733 4612	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:54:03.0749 4612	ElbyCDIO - ok
23:54:03.0811 4612	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:54:03.0842 4612	elxstor - ok
23:54:03.0889 4612	epfwwfpr        (3ebb7fd3c605262b942868a1d840f4f1) C:\Windows\system32\DRIVERS\epfwwfpr.sys
23:54:03.0905 4612	epfwwfpr - ok
23:54:03.0936 4612	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:54:03.0967 4612	ErrDev - ok
23:54:04.0045 4612	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:54:04.0092 4612	EventSystem - ok
23:54:04.0108 4612	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:54:04.0170 4612	exfat - ok
23:54:04.0326 4612	ezGOSvc         (bc680dc833672e54db07f5f39d259b03) C:\Windows\SysWOW64\ezGOSvc.dll
23:54:04.0342 4612	ezGOSvc - ok
23:54:04.0357 4612	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:54:04.0420 4612	fastfat - ok
23:54:04.0513 4612	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:54:04.0560 4612	Fax - ok
23:54:04.0560 4612	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:54:04.0576 4612	fdc - ok
23:54:04.0622 4612	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:54:04.0685 4612	fdPHost - ok
23:54:04.0716 4612	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:54:04.0763 4612	FDResPub - ok
23:54:04.0794 4612	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:54:04.0794 4612	FileInfo - ok
23:54:04.0810 4612	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:54:04.0872 4612	Filetrace - ok
23:54:04.0903 4612	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:54:04.0919 4612	flpydisk - ok
23:54:04.0966 4612	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:54:04.0981 4612	FltMgr - ok
23:54:05.0075 4612	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:54:05.0153 4612	FontCache - ok
23:54:05.0309 4612	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:54:05.0324 4612	FontCache3.0.0.0 - ok
23:54:05.0418 4612	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:54:05.0434 4612	FsDepends - ok
23:54:05.0480 4612	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:54:05.0480 4612	Fs_Rec - ok
23:54:05.0543 4612	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:54:05.0558 4612	fvevol - ok
23:54:05.0590 4612	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:54:05.0605 4612	gagp30kx - ok
23:54:05.0652 4612	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:54:05.0668 4612	GEARAspiWDM - ok
23:54:05.0730 4612	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:54:05.0792 4612	gpsvc - ok
23:54:05.0964 4612	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:54:05.0980 4612	gupdate - ok
23:54:06.0011 4612	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:54:06.0011 4612	gupdatem - ok
23:54:06.0042 4612	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:54:06.0058 4612	hcw85cir - ok
23:54:06.0136 4612	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:54:06.0151 4612	HdAudAddService - ok
23:54:06.0214 4612	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:54:06.0260 4612	HDAudBus - ok
23:54:06.0276 4612	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:54:06.0307 4612	HidBatt - ok
23:54:06.0323 4612	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:54:06.0370 4612	HidBth - ok
23:54:06.0385 4612	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:54:06.0432 4612	HidIr - ok
23:54:06.0463 4612	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:54:06.0510 4612	hidserv - ok
23:54:06.0572 4612	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:54:06.0588 4612	HidUsb - ok
23:54:06.0635 4612	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:54:06.0682 4612	hkmsvc - ok
23:54:06.0744 4612	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:54:06.0775 4612	HomeGroupListener - ok
23:54:06.0838 4612	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:54:06.0853 4612	HomeGroupProvider - ok
23:54:06.0931 4612	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:54:06.0947 4612	HpSAMD - ok
23:54:07.0025 4612	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:54:07.0087 4612	HTTP - ok
23:54:07.0118 4612	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:54:07.0134 4612	hwpolicy - ok
23:54:07.0181 4612	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:54:07.0196 4612	i8042prt - ok
23:54:07.0259 4612	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:54:07.0274 4612	iaStorV - ok
23:54:07.0446 4612	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:54:07.0477 4612	IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:54:07.0477 4612	IDriverT - detected UnsignedFile.Multi.Generic (1)
23:54:07.0618 4612	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:54:07.0649 4612	idsvc - ok
23:54:07.0742 4612	IDVistaService  (704c3164cf06a67886c305ea3677510b) C:\Program Files (x86)\Input Director\IDVistaService.exe
23:54:07.0758 4612	IDVistaService ( UnsignedFile.Multi.Generic ) - warning
23:54:07.0758 4612	IDVistaService - detected UnsignedFile.Multi.Generic (1)
23:54:07.0945 4612	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:54:07.0945 4612	iirsp - ok
23:54:08.0023 4612	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:54:08.0117 4612	IKEEXT - ok
23:54:08.0148 4612	InputDirector   (fb7f9fad063ae5269a6147e3a48acd03) C:\Program Files (x86)\Input Director\IDWinService.exe
23:54:08.0164 4612	InputDirector ( UnsignedFile.Multi.Generic ) - warning
23:54:08.0164 4612	InputDirector - detected UnsignedFile.Multi.Generic (1)
23:54:08.0210 4612	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:54:08.0210 4612	intelide - ok
23:54:08.0242 4612	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:54:08.0273 4612	intelppm - ok
23:54:08.0304 4612	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:54:08.0366 4612	IPBusEnum - ok
23:54:08.0398 4612	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:54:08.0429 4612	IpFilterDriver - ok
23:54:08.0507 4612	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:54:08.0554 4612	iphlpsvc - ok
23:54:08.0600 4612	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:54:08.0600 4612	IPMIDRV - ok
23:54:08.0616 4612	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:54:08.0678 4612	IPNAT - ok
23:54:08.0866 4612	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:54:08.0881 4612	iPod Service - ok
23:54:08.0912 4612	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:54:08.0944 4612	IRENUM - ok
23:54:08.0975 4612	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:54:08.0990 4612	isapnp - ok
23:54:09.0006 4612	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:54:09.0022 4612	iScsiPrt - ok
23:54:09.0053 4612	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:54:09.0068 4612	kbdclass - ok
23:54:09.0131 4612	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:54:09.0131 4612	kbdhid - ok
23:54:09.0178 4612	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:54:09.0193 4612	KeyIso - ok
23:54:09.0209 4612	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:54:09.0209 4612	KSecDD - ok
23:54:09.0224 4612	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:54:09.0240 4612	KSecPkg - ok
23:54:09.0240 4612	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:54:09.0302 4612	ksthunk - ok
23:54:09.0334 4612	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:54:09.0396 4612	KtmRm - ok
23:54:09.0443 4612	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:54:09.0490 4612	LanmanServer - ok
23:54:09.0536 4612	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:54:09.0583 4612	LanmanWorkstation - ok
23:54:09.0614 4612	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:54:09.0677 4612	lltdio - ok
23:54:09.0724 4612	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:54:09.0770 4612	lltdsvc - ok
23:54:09.0802 4612	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:54:09.0833 4612	lmhosts - ok
23:54:09.0895 4612	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:54:09.0895 4612	LSI_FC - ok
23:54:09.0926 4612	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:54:09.0926 4612	LSI_SAS - ok
23:54:09.0942 4612	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:54:09.0958 4612	LSI_SAS2 - ok
23:54:09.0973 4612	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:54:09.0989 4612	LSI_SCSI - ok
23:54:10.0020 4612	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:54:10.0051 4612	luafv - ok
23:54:10.0114 4612	MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
23:54:10.0145 4612	MarvinBus - ok
23:54:10.0301 4612	MatSvc          (17f118a3123a566a538341a62e4d8d35) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
23:54:10.0316 4612	MatSvc - ok
23:54:10.0410 4612	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:54:10.0426 4612	MBAMProtector - ok
23:54:10.0519 4612	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:54:10.0535 4612	MBAMService - ok
23:54:10.0582 4612	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:54:10.0613 4612	Mcx2Svc - ok
23:54:10.0660 4612	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:54:10.0660 4612	megasas - ok
23:54:10.0691 4612	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:54:10.0706 4612	MegaSR - ok
23:54:10.0769 4612	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:54:10.0816 4612	MMCSS - ok
23:54:10.0878 4612	mod7700         (7ab7e3009b17e13c5bafc57ec5724ccf) C:\Windows\system32\DRIVERS\mod7700.sys
23:54:10.0894 4612	mod7700 - ok
23:54:10.0909 4612	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:54:10.0956 4612	Modem - ok
23:54:11.0003 4612	MODRC           (7071044fbcb23b47177e866a4f2ee802) C:\Windows\system32\DRIVERS\modrc.sys
23:54:11.0018 4612	MODRC - ok
23:54:11.0065 4612	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:54:11.0096 4612	monitor - ok
23:54:11.0174 4612	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:54:11.0174 4612	mouclass - ok
23:54:11.0252 4612	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:54:11.0268 4612	mouhid - ok
23:54:11.0315 4612	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:54:11.0315 4612	mountmgr - ok
23:54:11.0440 4612	MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:54:11.0455 4612	MozillaMaintenance - ok
23:54:11.0502 4612	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:54:11.0502 4612	mpio - ok
23:54:11.0533 4612	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:54:11.0564 4612	mpsdrv - ok
23:54:11.0658 4612	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:54:11.0720 4612	MpsSvc - ok
23:54:11.0767 4612	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:54:11.0798 4612	MRxDAV - ok
23:54:11.0830 4612	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:54:11.0892 4612	mrxsmb - ok
23:54:11.0954 4612	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:54:12.0001 4612	mrxsmb10 - ok
23:54:12.0048 4612	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:54:12.0048 4612	mrxsmb20 - ok
23:54:12.0110 4612	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:54:12.0110 4612	msahci - ok
23:54:12.0157 4612	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:54:12.0173 4612	msdsm - ok
23:54:12.0220 4612	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:54:12.0235 4612	MSDTC - ok
23:54:12.0282 4612	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:54:12.0329 4612	Msfs - ok
23:54:12.0329 4612	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:54:12.0376 4612	mshidkmdf - ok
23:54:12.0407 4612	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:54:12.0422 4612	msisadrv - ok
23:54:12.0485 4612	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:54:12.0516 4612	MSiSCSI - ok
23:54:12.0532 4612	msiserver - ok
23:54:12.0547 4612	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:54:12.0610 4612	MSKSSRV - ok
23:54:12.0641 4612	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:54:12.0688 4612	MSPCLOCK - ok
23:54:12.0719 4612	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:54:12.0781 4612	MSPQM - ok
23:54:12.0828 4612	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:54:12.0844 4612	MsRPC - ok
23:54:12.0859 4612	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:54:12.0875 4612	mssmbios - ok
23:54:12.0875 4612	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:54:12.0937 4612	MSTEE - ok
23:54:12.0953 4612	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:54:12.0968 4612	MTConfig - ok
23:54:12.0984 4612	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:54:13.0000 4612	Mup - ok
23:54:13.0078 4612	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:54:13.0124 4612	napagent - ok
23:54:13.0171 4612	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:54:13.0218 4612	NativeWifiP - ok
23:54:13.0452 4612	NAUpdate        (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
23:54:13.0468 4612	NAUpdate - ok
23:54:13.0530 4612	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:54:13.0561 4612	NDIS - ok
23:54:13.0577 4612	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:54:13.0624 4612	NdisCap - ok
23:54:13.0639 4612	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:54:13.0702 4612	NdisTapi - ok
23:54:13.0733 4612	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:54:13.0795 4612	Ndisuio - ok
23:54:13.0842 4612	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:54:13.0889 4612	NdisWan - ok
23:54:13.0936 4612	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:54:13.0982 4612	NDProxy - ok
23:54:14.0170 4612	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:54:14.0201 4612	Nero BackItUp Scheduler 4.0 - ok
23:54:14.0263 4612	Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
23:54:14.0279 4612	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:54:14.0279 4612	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:54:14.0341 4612	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:54:14.0404 4612	NetBIOS - ok
23:54:14.0450 4612	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:54:14.0497 4612	NetBT - ok
23:54:14.0528 4612	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:54:14.0544 4612	Netlogon - ok
23:54:14.0606 4612	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:54:14.0653 4612	Netman - ok
23:54:14.0778 4612	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:14.0778 4612	NetMsmqActivator - ok
23:54:14.0794 4612	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:14.0794 4612	NetPipeActivator - ok
23:54:14.0825 4612	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:54:14.0887 4612	netprofm - ok
23:54:14.0887 4612	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:14.0903 4612	NetTcpActivator - ok
23:54:14.0903 4612	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:14.0918 4612	NetTcpPortSharing - ok
23:54:15.0028 4612	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:54:15.0043 4612	nfrd960 - ok
23:54:15.0106 4612	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:54:15.0152 4612	NlaSvc - ok
23:54:15.0215 4612	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
23:54:15.0230 4612	NPF - ok
23:54:15.0246 4612	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:54:15.0277 4612	Npfs - ok
23:54:15.0324 4612	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:54:15.0386 4612	nsi - ok
23:54:15.0418 4612	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:54:15.0464 4612	nsiproxy - ok
23:54:15.0574 4612	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:54:15.0620 4612	Ntfs - ok
23:54:15.0776 4612	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:54:15.0839 4612	Null - ok
23:54:16.0447 4612	nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:54:16.0634 4612	nvlddmkm - ok
23:54:16.0744 4612	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:54:16.0759 4612	nvraid - ok
23:54:16.0806 4612	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:54:16.0822 4612	nvstor - ok
23:54:16.0915 4612	nvsvc           (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
23:54:16.0931 4612	nvsvc - ok
23:54:17.0134 4612	nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:54:17.0165 4612	nvUpdatusService - ok
23:54:17.0305 4612	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:54:17.0321 4612	nv_agp - ok
23:54:17.0368 4612	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:54:17.0383 4612	ohci1394 - ok
23:54:17.0492 4612	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:54:17.0508 4612	ose - ok
23:54:17.0804 4612	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:54:17.0882 4612	osppsvc - ok
23:54:18.0023 4612	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:54:18.0070 4612	p2pimsvc - ok
23:54:18.0132 4612	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:54:18.0148 4612	p2psvc - ok
23:54:18.0210 4612	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:54:18.0241 4612	Parport - ok
23:54:18.0288 4612	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:54:18.0288 4612	partmgr - ok
23:54:18.0319 4612	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:54:18.0350 4612	PcaSvc - ok
23:54:18.0366 4612	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:54:18.0382 4612	pci - ok
23:54:18.0413 4612	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:54:18.0413 4612	pciide - ok
23:54:18.0444 4612	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:54:18.0460 4612	pcmcia - ok
23:54:18.0475 4612	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:54:18.0491 4612	pcw - ok
23:54:18.0522 4612	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:54:18.0584 4612	PEAUTH - ok
23:54:18.0694 4612	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:54:18.0725 4612	PerfHost - ok
23:54:18.0881 4612	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:54:18.0943 4612	pla - ok
23:54:19.0037 4612	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:54:19.0052 4612	PlugPlay - ok
23:54:19.0130 4612	Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
23:54:19.0146 4612	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:54:19.0146 4612	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:54:19.0193 4612	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:54:19.0224 4612	PNRPAutoReg - ok
23:54:19.0271 4612	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:54:19.0286 4612	PNRPsvc - ok
23:54:19.0349 4612	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:54:19.0411 4612	PolicyAgent - ok
23:54:19.0458 4612	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:54:19.0520 4612	Power - ok
23:54:19.0630 4612	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:54:19.0661 4612	PptpMiniport - ok
23:54:19.0708 4612	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:54:19.0739 4612	Processor - ok
23:54:19.0817 4612	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:54:19.0879 4612	ProfSvc - ok
23:54:19.0910 4612	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:54:19.0926 4612	ProtectedStorage - ok
23:54:19.0988 4612	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:54:20.0035 4612	Psched - ok
23:54:20.0113 4612	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:54:20.0160 4612	ql2300 - ok
23:54:20.0332 4612	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:54:20.0347 4612	ql40xx - ok
23:54:20.0394 4612	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:54:20.0425 4612	QWAVE - ok
23:54:20.0441 4612	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:54:20.0472 4612	QWAVEdrv - ok
23:54:20.0488 4612	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:54:20.0534 4612	RasAcd - ok
23:54:20.0597 4612	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:54:20.0644 4612	RasAgileVpn - ok
23:54:20.0675 4612	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:54:20.0722 4612	RasAuto - ok
23:54:20.0768 4612	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:54:20.0815 4612	Rasl2tp - ok
23:54:20.0831 4612	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:54:20.0878 4612	RasMan - ok
23:54:20.0924 4612	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:54:21.0018 4612	RasPppoe - ok
23:54:21.0080 4612	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:54:21.0127 4612	RasSstp - ok
23:54:21.0190 4612	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:54:21.0221 4612	rdbss - ok
23:54:21.0236 4612	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:54:21.0268 4612	rdpbus - ok
23:54:21.0299 4612	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:54:21.0330 4612	RDPCDD - ok
23:54:21.0346 4612	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:54:21.0408 4612	RDPENCDD - ok
23:54:21.0408 4612	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:54:21.0439 4612	RDPREFMP - ok
23:54:21.0486 4612	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:54:21.0517 4612	RDPWD - ok
23:54:21.0564 4612	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:54:21.0580 4612	rdyboost - ok
23:54:21.0642 4612	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:54:21.0689 4612	RemoteAccess - ok
23:54:21.0736 4612	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:54:21.0798 4612	RemoteRegistry - ok
23:54:21.0829 4612	RimUsb          (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:54:21.0876 4612	RimUsb - ok
23:54:21.0970 4612	rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
23:54:21.0985 4612	rpcapd - ok
23:54:22.0048 4612	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:54:22.0094 4612	RpcEptMapper - ok
23:54:22.0110 4612	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:54:22.0141 4612	RpcLocator - ok
23:54:22.0204 4612	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:54:22.0235 4612	RpcSs - ok
23:54:22.0297 4612	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:54:22.0328 4612	rspndr - ok
23:54:22.0375 4612	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:54:22.0391 4612	RTL8167 - ok
23:54:22.0453 4612	SaiHF51A        (6571f3e998dbfed96b2e00902657b7dd) C:\Windows\system32\DRIVERS\SaiHF51A.sys
23:54:22.0469 4612	SaiHF51A - ok
23:54:22.0531 4612	SaiUF51A        (eabba7b9299a07bcc36c8f814c2a2bc5) C:\Windows\system32\DRIVERS\SaiUF51A.sys
23:54:22.0578 4612	SaiUF51A - ok
23:54:22.0609 4612	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:54:22.0625 4612	SamSs - ok
23:54:22.0672 4612	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:54:22.0687 4612	sbp2port - ok
23:54:22.0843 4612	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:54:22.0874 4612	SBSDWSCService - ok
23:54:22.0921 4612	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:54:22.0968 4612	SCardSvr - ok
23:54:23.0062 4612	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:54:23.0124 4612	scfilter - ok
23:54:23.0218 4612	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:54:23.0264 4612	Schedule - ok
23:54:23.0327 4612	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:54:23.0358 4612	SCPolicySvc - ok
23:54:23.0405 4612	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:54:23.0452 4612	SDRSVC - ok
23:54:23.0514 4612	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:54:23.0561 4612	secdrv - ok
23:54:23.0608 4612	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:54:23.0654 4612	seclogon - ok
23:54:23.0686 4612	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:54:23.0748 4612	SENS - ok
23:54:23.0748 4612	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:54:23.0795 4612	SensrSvc - ok
23:54:23.0826 4612	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:54:23.0842 4612	Serenum - ok
23:54:23.0857 4612	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:54:23.0888 4612	Serial - ok
23:54:23.0935 4612	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:54:23.0935 4612	sermouse - ok
23:54:23.0998 4612	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:54:24.0044 4612	SessionEnv - ok
23:54:24.0091 4612	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:54:24.0122 4612	sffdisk - ok
23:54:24.0138 4612	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:54:24.0154 4612	sffp_mmc - ok
23:54:24.0169 4612	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:54:24.0200 4612	sffp_sd - ok
23:54:24.0216 4612	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:54:24.0247 4612	sfloppy - ok
23:54:24.0310 4612	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:54:24.0372 4612	SharedAccess - ok
23:54:24.0434 4612	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:54:24.0466 4612	ShellHWDetection - ok
23:54:24.0497 4612	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:54:24.0497 4612	SiSRaid2 - ok
23:54:24.0528 4612	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:54:24.0528 4612	SiSRaid4 - ok
23:54:24.0637 4612	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:54:24.0653 4612	SkypeUpdate - ok
23:54:24.0684 4612	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:54:24.0715 4612	Smb - ok
23:54:24.0778 4612	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:54:24.0809 4612	SNMPTRAP - ok
23:54:24.0887 4612	Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:54:24.0918 4612	Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
23:54:24.0918 4612	Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
23:54:24.0934 4612	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:54:24.0949 4612	spldr - ok
23:54:25.0027 4612	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:54:25.0058 4612	Spooler - ok
23:54:25.0246 4612	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:54:25.0339 4612	sppsvc - ok
23:54:25.0464 4612	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:54:25.0511 4612	sppuinotify - ok
23:54:25.0620 4612	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:54:25.0667 4612	srv - ok
23:54:25.0729 4612	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:54:25.0776 4612	srv2 - ok
23:54:25.0807 4612	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:54:25.0854 4612	srvnet - ok
23:54:25.0901 4612	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:54:25.0948 4612	SSDPSRV - ok
23:54:25.0979 4612	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:54:26.0010 4612	SstpSvc - ok
23:54:26.0182 4612	StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
23:54:26.0197 4612	StarMoney 7.0 OnlineUpdate - ok
23:54:26.0369 4612	StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
23:54:26.0400 4612	StarMoney 8.0 OnlineUpdate - ok
23:54:26.0431 4612	Steam Client Service - ok
23:54:26.0540 4612	Stereo Service  (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:54:26.0556 4612	Stereo Service - ok
23:54:26.0743 4612	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:54:26.0759 4612	stexstor - ok
23:54:26.0837 4612	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:54:26.0884 4612	stisvc - ok
23:54:26.0930 4612	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:54:26.0930 4612	swenum - ok
23:54:26.0993 4612	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:54:27.0055 4612	swprv - ok
23:54:27.0118 4612	SynasUSB        (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys
23:54:27.0133 4612	SynasUSB - ok
23:54:27.0242 4612	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:54:27.0289 4612	SysMain - ok
23:54:27.0445 4612	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:54:27.0476 4612	TabletInputService - ok
23:54:27.0788 4612	TabletServicePen (b5b736216ff7c71d320bf493825752a1) C:\Windows\system32\Pen_Tablet.exe
23:54:27.0898 4612	TabletServicePen - ok
23:54:28.0022 4612	tap0901         (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
23:54:28.0038 4612	tap0901 - ok
23:54:28.0069 4612	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:54:28.0132 4612	TapiSrv - ok
23:54:28.0147 4612	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:54:28.0210 4612	TBS - ok
23:54:28.0334 4612	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:54:28.0381 4612	Tcpip - ok
23:54:28.0506 4612	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:54:28.0537 4612	TCPIP6 - ok
23:54:28.0615 4612	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:54:28.0662 4612	tcpipreg - ok
23:54:28.0693 4612	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:54:28.0740 4612	TDPIPE - ok
23:54:28.0787 4612	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:54:28.0818 4612	TDTCP - ok
23:54:28.0880 4612	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:54:28.0943 4612	tdx - ok
23:54:28.0974 4612	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:54:28.0990 4612	TermDD - ok
23:54:29.0068 4612	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:54:29.0130 4612	TermService - ok
23:54:29.0161 4612	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:54:29.0192 4612	Themes - ok
23:54:29.0239 4612	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:54:29.0270 4612	THREADORDER - ok
23:54:29.0286 4612	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:54:29.0348 4612	TrkWks - ok
23:54:29.0426 4612	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:54:29.0489 4612	TrustedInstaller - ok
23:54:29.0520 4612	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:29.0551 4612	tssecsrv - ok
23:54:29.0629 4612	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:54:29.0676 4612	TsUsbFlt - ok
23:54:29.0754 4612	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:54:29.0801 4612	tunnel - ok
23:54:29.0848 4612	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:54:29.0863 4612	uagp35 - ok
23:54:29.0910 4612	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:54:29.0957 4612	udfs - ok
23:54:29.0988 4612	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:54:30.0019 4612	UI0Detect - ok
23:54:30.0066 4612	uiwbrdr         (795a7905a23bac7205fbd3004c415ff8) C:\Windows\system32\DRIVERS\uiwbrdr.sys
23:54:30.0082 4612	uiwbrdr - ok
23:54:30.0144 4612	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:54:30.0160 4612	uliagpkx - ok
23:54:30.0206 4612	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:54:30.0222 4612	umbus - ok
23:54:30.0238 4612	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:54:30.0238 4612	UmPass - ok
23:54:30.0284 4612	UnlockerDriver5 - ok
23:54:30.0316 4612	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:54:30.0378 4612	upnphost - ok
23:54:30.0440 4612	USB28xxBGA      (189c5eea2b204055e4bc8cf62eebff11) C:\Windows\system32\DRIVERS\emBDA64.sys
23:54:30.0456 4612	USB28xxBGA - ok
23:54:30.0487 4612	USB28xxOEM      (2b124cc557fefdd1ac8a585522441afc) C:\Windows\system32\DRIVERS\emOEM64.sys
23:54:30.0518 4612	USB28xxOEM - ok
23:54:30.0565 4612	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:54:30.0612 4612	USBAAPL64 - ok
23:54:30.0674 4612	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:54:30.0690 4612	usbaudio - ok
23:54:30.0737 4612	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:30.0799 4612	usbccgp - ok
23:54:30.0815 4612	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:54:30.0830 4612	usbcir - ok
23:54:30.0877 4612	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:54:30.0908 4612	usbehci - ok
23:54:30.0955 4612	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:54:30.0971 4612	usbhub - ok
23:54:30.0986 4612	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:54:31.0018 4612	usbohci - ok
23:54:31.0049 4612	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:54:31.0080 4612	usbprint - ok
23:54:31.0127 4612	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:31.0189 4612	USBSTOR - ok
23:54:31.0205 4612	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:54:31.0236 4612	usbuhci - ok
23:54:31.0267 4612	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:54:31.0330 4612	UxSms - ok
23:54:31.0361 4612	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:54:31.0376 4612	VaultSvc - ok
23:54:31.0423 4612	VBoxDrv         (ba20a718e25228b9d69d72e4f19edeb5) C:\Windows\system32\DRIVERS\VBoxDrv.sys
23:54:31.0439 4612	VBoxDrv - ok
23:54:31.0501 4612	VBoxNetAdp      (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:54:31.0517 4612	VBoxNetAdp - ok
23:54:31.0564 4612	VBoxNetFlt      (8b86a00d13e2dcbfe320061f3435faff) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
23:54:31.0579 4612	VBoxNetFlt - ok
23:54:31.0626 4612	VBoxUSBMon      (cec73cea22b7258c0a8f2354dc49d25c) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
23:54:31.0642 4612	VBoxUSBMon - ok
23:54:31.0704 4612	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:54:31.0720 4612	vdrvroot - ok
23:54:31.0782 4612	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:54:31.0813 4612	vds - ok
23:54:31.0876 4612	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:31.0891 4612	vga - ok
23:54:31.0907 4612	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:54:31.0954 4612	VgaSave - ok
23:54:32.0000 4612	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:54:32.0016 4612	vhdmp - ok
23:54:32.0047 4612	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:54:32.0063 4612	viaide - ok
23:54:32.0078 4612	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:54:32.0094 4612	volmgr - ok
23:54:32.0172 4612	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:54:32.0188 4612	volmgrx - ok
23:54:32.0250 4612	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:54:32.0266 4612	volsnap - ok
23:54:32.0297 4612	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:54:32.0312 4612	vsmraid - ok
23:54:32.0422 4612	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:54:32.0500 4612	VSS - ok
23:54:32.0656 4612	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:54:32.0687 4612	vwifibus - ok
23:54:32.0734 4612	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:54:32.0796 4612	W32Time - ok
23:54:32.0827 4612	wacmoumonitor   (6b6718dc4b4597ec10f4f8c614282ee1) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
23:54:32.0843 4612	wacmoumonitor - ok
23:54:32.0890 4612	wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:54:32.0905 4612	wacommousefilter - ok
23:54:32.0921 4612	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:54:32.0952 4612	WacomPen - ok
23:54:33.0014 4612	wacomvhid       (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
23:54:33.0030 4612	wacomvhid - ok
23:54:33.0092 4612	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:33.0139 4612	WANARP - ok
23:54:33.0155 4612	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:33.0186 4612	Wanarpv6 - ok
23:54:33.0280 4612	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:54:33.0326 4612	wbengine - ok
23:54:33.0498 4612	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:54:33.0514 4612	WbioSrvc - ok
23:54:33.0576 4612	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:54:33.0623 4612	wcncsvc - ok
23:54:33.0654 4612	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:54:33.0685 4612	WcsPlugInService - ok
23:54:33.0763 4612	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:54:33.0779 4612	Wd - ok
23:54:33.0826 4612	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:54:33.0841 4612	Wdf01000 - ok
23:54:33.0872 4612	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:54:33.0919 4612	WdiServiceHost - ok
23:54:33.0919 4612	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:54:33.0935 4612	WdiSystemHost - ok
23:54:33.0997 4612	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:54:34.0044 4612	WebClient - ok
23:54:34.0075 4612	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:54:34.0122 4612	Wecsvc - ok
23:54:34.0138 4612	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:54:34.0184 4612	wercplsupport - ok
23:54:34.0200 4612	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:54:34.0231 4612	WerSvc - ok
23:54:34.0340 4612	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:54:34.0372 4612	WfpLwf - ok
23:54:34.0387 4612	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:54:34.0403 4612	WIMMount - ok
23:54:34.0465 4612	WinDefend - ok
23:54:34.0481 4612	WinHttpAutoProxySvc - ok
23:54:34.0559 4612	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:54:34.0606 4612	Winmgmt - ok
23:54:34.0715 4612	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:54:34.0777 4612	WinRM - ok
23:54:34.0918 4612	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:54:34.0949 4612	WinUsb - ok
23:54:35.0027 4612	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:54:35.0058 4612	Wlansvc - ok
23:54:35.0214 4612	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:54:35.0261 4612	wlidsvc - ok
23:54:35.0354 4612	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:54:35.0354 4612	WmiAcpi - ok
23:54:35.0448 4612	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:54:35.0495 4612	wmiApSrv - ok
23:54:35.0526 4612	WMPNetworkSvc - ok
23:54:35.0542 4612	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:54:35.0557 4612	WPCSvc - ok
23:54:35.0604 4612	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:54:35.0620 4612	WPDBusEnum - ok
23:54:35.0666 4612	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:54:35.0713 4612	ws2ifsl - ok
23:54:35.0713 4612	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:54:35.0744 4612	wscsvc - ok
23:54:35.0760 4612	WSearch - ok
23:54:35.0885 4612	WTouchService   (a2cc9a9bc30c6141ff99d85a4e26d7a7) C:\Program Files\WTouch\WTouchService.exe
23:54:35.0885 4612	WTouchService - ok
23:54:36.0025 4612	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:54:36.0119 4612	wuauserv - ok
23:54:36.0290 4612	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:54:36.0353 4612	WudfPf - ok
23:54:36.0400 4612	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:54:36.0431 4612	WUDFRd - ok
23:54:36.0478 4612	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:54:36.0509 4612	wudfsvc - ok
23:54:36.0556 4612	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:54:36.0602 4612	WwanSvc - ok
23:54:36.0680 4612	ZOOM_R16MTR     (ee1afbad9d66a722e3b2b64577f44119) C:\Windows\system32\Drivers\zmr16usbaudio.sys
23:54:36.0696 4612	ZOOM_R16MTR - ok
23:54:36.0712 4612	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:54:36.0992 4612	\Device\Harddisk1\DR1 - ok
23:54:36.0992 4612	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
23:54:37.0070 4612	\Device\Harddisk0\DR0 - ok
23:54:37.0070 4612	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR2
23:54:37.0461 4612	\Device\Harddisk2\DR2 - ok
23:54:37.0461 4612	Boot (0x1200)   (d2316ff34bfa834fb9b062a3e3e78563) \Device\Harddisk1\DR1\Partition0
23:54:37.0461 4612	\Device\Harddisk1\DR1\Partition0 - ok
23:54:37.0477 4612	Boot (0x1200)   (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
23:54:37.0477 4612	\Device\Harddisk0\DR0\Partition0 - ok
23:54:37.0477 4612	Boot (0x1200)   (a0c416bbabd56eace03bb9a5c7a2d356) \Device\Harddisk0\DR0\Partition1
23:54:37.0477 4612	\Device\Harddisk0\DR0\Partition1 - ok
23:54:37.0477 4612	Boot (0x1200)   (7e70df8c904c80a0d8aebd1842226e38) \Device\Harddisk2\DR2\Partition0
23:54:37.0477 4612	\Device\Harddisk2\DR2\Partition0 - ok
23:54:37.0493 4612	============================================================
23:54:37.0493 4612	Scan finished
23:54:37.0493 4612	============================================================
23:54:37.0493 4740	Detected object count: 6
23:54:37.0493 4740	Actual detected object count: 6
23:54:58.0194 4740	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:54:58.0194 4740	IDVistaService ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	IDVistaService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:54:58.0194 4740	InputDirector ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	InputDirector ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:54:58.0194 4740	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:54:58.0194 4740	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:54:58.0194 4740	Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:54:58.0194 4740	Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:55:15.0448 3592	Deinitialize success
         
Here are the findings that I can at least roughly place:
  • IDVistaService and InputDirector probably belong to InputDirector hxxp://www.inputdirector.com/ - the program was installed on purpose; whether it has picked up a virus or the like, I cannot judge.
  • Sony SCSI Helper Service could belong to the built-in memory card reader (which also reads Sony MemorySticks), to my Sony PRS 505 eBook reader, or to the PSP. Otherwise I cannot remember having connected any Sony devices (camera, phone etc. are other brands).

The other four finds have not introduced themselves to me.

I'm curious to see how this continues.

Best regards,

Bangalorean

19.06.2012, 07:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

No, normal mode is the normal boot mode and, if you like, the opposite of Safe Mode.

Quote:
Boot type: Normal boot
You already did that correctly.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

19.06.2012, 09:24   #11
Bangalorean
 

Thanks for the pointer about "normal" mode :-) - I then noticed that I can't start TDSSkiller at all without being admin... Oh well, it was already late yesterday.

So here is the ComboFix logfile:

Code:
ATTFilter
ComboFix 12-06-16.02 - (***) 19.06.2012   9:29.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6303 [GMT 2:00]
ausgeführt von:: c:\users\(***)\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\(***)\AppData\Roaming\AcroIEHelpe.txt
c:\users\(***)\AppData\Roaming\srvblck2.tmp
c:\users\(***)\Documents\Readiris.DUS
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))
.
.
2012-06-19 07:41 . 2012-06-19 07:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-06-18 20:25 . 2012-06-18 20:25	--------	d-----w-	C:\_OTL
2012-06-13 11:44 . 2012-05-18 01:51	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-13 11:44 . 2012-05-17 22:24	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-13 11:44 . 2012-05-18 02:51	174200	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 11:44 . 2012-05-18 01:57	548864	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 11:44 . 2012-05-17 23:21	140920	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-06-13 11:44 . 2012-05-17 22:31	194560	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2012-06-13 11:42 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-13 11:42 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-06-13 10:52 . 2012-06-13 10:52	--------	d-----w-	c:\program files (x86)\ESET
2012-06-13 07:16 . 2012-06-13 07:16	--------	d-----w-	c:\users\(***)\AppData\Local\Macromedia
2012-06-13 07:16 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 07:16 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 07:16 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:16 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:16 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:16 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-13 07:15 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 07:15 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 07:15 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 07:15 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-13 07:15 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-13 07:15 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 07:15 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 07:15 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 07:15 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 07:15 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 07:15 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-11 13:25 . 2012-06-11 13:25	--------	d-----w-	c:\users\(***)\AppData\Roaming\Malwarebytes
2012-06-11 13:25 . 2012-06-11 13:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 13:25 . 2012-06-11 13:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-11 13:25 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-06 13:45 . 2012-06-06 13:45	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 13:45 . 2012-06-06 13:45	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 11:49 . 2012-06-05 11:49	--------	d-----w-	c:\program files\ESET
2012-05-31 22:10 . 2012-05-31 22:10	--------	d-----w-	c:\users\(***)\iMapping
2012-05-30 16:39 . 2012-05-30 16:39	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-24 12:56 . 2012-05-22 12:26	224088	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-05-24 12:56 . 2012-05-22 12:26	130904	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 12:26 . 2012-05-22 12:26	147288	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25	320856	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25	166232	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 07:01 . 2012-04-03 22:01	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 07:01 . 2011-05-28 08:21	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 19:23 . 2009-12-11 11:11	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-14 19:23 . 2010-05-28 01:47	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-09 20:48 . 2012-05-09 20:48	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-17 17:42 . 2012-04-17 17:42	31232	----a-r-	c:\users\(***)\AppData\Roaming\Microsoft\Installer\{8505C641-422E-4E3C-B6B0-0F070E289FDD}\Icon8505C6411.exe
2012-04-17 13:58 . 2012-04-17 13:58	138608	----a-w-	c:\windows\SysWow64\LxDNTvmc100.dll
2012-04-17 13:58 . 2012-04-17 13:58	74608	----a-w-	c:\windows\SysWow64\LxDNTvm100.dll
2012-04-17 13:58 . 2012-04-17 13:58	309616	----a-w-	c:\windows\SysWow64\LxDNT100.dll
2012-03-30 11:35 . 2012-05-09 04:47	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-10-01 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"ACQTMOUSE"="c:\program files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe" [2007-07-08 501760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nach Updates suchen.lnk.disabled [2010-4-18 2484]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Reader Library Launcher"=c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" /startup
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"BambooCore"=c:\program files (x86)\Bamboo Dock\BambooCore.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
R3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv42.sys [x]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [x]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 uiwbrdr;uiwbrdr;c:\windows\system32\DRIVERS\uiwbrdr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys [2010-08-06 21968]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MODRC;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
- c:\users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 06:34]
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
- c:\users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 06:34]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 21:48]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 21:48]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
- c:\users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 19:58]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
- c:\users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\(***)\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 357888]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezGOSvc
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: deutschepost.de\internetmarke
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\(***)\AppData\Roaming\Mozilla\Firefox\Profiles\blewa984.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtv.de/tvtv/index.vm?lang=de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DDR (Professional) Recovery - c:\windows\UnDeployV.exe
AddRemove-DDR (Professional) Recovery - Demo - c:\windows\UnDeployV.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-PI14087_HPR_ErfExist - c:\windows\IsUn0407.exe
AddRemove-4267777364.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.50826.0\Silverlight.Configuration.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe
AddRemove-ThumbsPlus - c:\users\(***)\AppData\Local\{6217DD66-5859-4D12-8112-F910BABBD2AA}\ThumbsPlus8setup.exe
AddRemove-{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93} - c:\users\(***)\AppData\Local\{6217DD66-5859-4D12-8112-F910BABBD2AA}\ThumbsPlus8setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}*]
"namgeocfjjgddjkicebbepkinaac"=hex:6b,61,62,6b,69,64,6f,63,6a,69,69,68,6c,6d,
   64,6a,68,6f,6e,70,63,6f,00,00
"oachipbjdagmhaaicdlponopjachhh"=hex:6b,61,62,6b,69,64,6f,63,6a,69,69,68,6c,6d,
   64,6a,68,6f,6e,70,63,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-19  09:58:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-19 07:58
.
Vor Suchlauf: 15 Verzeichnis(se), 52.238.999.552 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 52.090.314.752 Bytes frei
.
- - End Of File - - 58AE84D8757F8B66EEFD4D93AAFE273C
         
There are quite a few entries in there that worry me. I'm glad I have an experienced and helpful TB-Such-Tiger at my side ,-)

See you soon,

Bangalorean

Alt 19.06.2012, 11:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 19.06.2012, 23:31   #13
Bangalorean
 



So, the next collection of log files is ready. All in all, that took longer than expected.

First of all, GMER. I'm not sure whether GMER finished cleanly; here are the log file snippets I got:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-19 19:07:57
Windows 6.1.7601 Service Pack 1 
Running: ykdd1yfj.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}                                 
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}@namgeocfjjgddjkicebbepkinaac    0x6B 0x61 0x62 0x6B ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58E30D20-A49B-C319-5E73-4388DB477D4B}@oachipbjdagmhaaicdlponopjachhh  0x6B 0x61 0x62 0x6B ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Next up is OSAM:


Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:02:27 on 19.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job" - "Facebook Inc." - C:\Users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job" - "Facebook Inc." - C:\Users\(***)\AppData\Local\Facebook\Update\FacebookUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job" - "Google Inc." - C:\Users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job" - "Google Inc." - C:\Users\(***)\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PenTablet.cpl" - "Wacom Technology, Corp." - C:\Windows\system32\PenTablet.cpl
"zmr16ctrlpanel.cpl" - "Zoom Corporation." - C:\Windows\system32\zmr16ctrlpanel.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACRUSBTM" (ACRUSBTM) - ? - C:\Windows\system32\drivers\ACRUSBTM.SYS  (File not found)
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cinergy HTC USB XS Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emBDA64.sys
"Cinergy HTC USB XS OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emOEM64.sys
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys
"DRHARD" (DRHARD) - ? - C:\Windows\system32\DRIVERS\DRHARD.SYS  (File not found)
"DRHARD64" (DRHARD64) - "Licensed for Gebhard Software" - C:\Windows\system32\drivers\DRHARD64.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"Philips SPC 900NC PC Camera" (camdrv42) - ? - C:\Windows\System32\DRIVERS\camdrv42.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys
"uiwbrdr" (uiwbrdr) - "1&1 Mail & Media GmbH" - C:\Windows\System32\DRIVERS\uiwbrdr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files (x86)\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{42368EF3-D9FE-4bc4-9FD5-01903EB21F53} "ShellContextMenuHandler Class" - "1&1 Mail & Media GmbH" - C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL
{6956CAC6-5674-42C0-A698-77B3F3C9C352} "ShellIconOverlayHandler Class" - "1&1 Mail & Media GmbH" - C:\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} "Update Class" - "Microsoft Corporation" - C:\Windows\SysWow64\iuctl.dll / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40118.6503240741
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "OneNote Lin&ked Notes" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{75EF13CE-B59E-41ba-8A5A-A944031BD8B4} "Deaktivierungs-Add-on für Browser von Google Analytics" - "Google, Inc." - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
"OneNote 2010 Screen Clipper and Launcher.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Nach Updates suchen.lnk.disabled" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACQTMOUSE" - ? - "C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBAgent" - "Nero AG" - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"WEB.DE SmartDrive" - "1&1 Mail & Media GmbH" - C:\Windows\System32\uiwbnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Port Monitor" - ? - C:\Windows\system32\FritzColorPort64.dll  (File found, but it contains no detailed information)
"FRITZ!fax Port Monitor" - ? - C:\Windows\system32\FritzPort64.dll  (File found, but it contains no detailed information)
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
"novaPDF Lite Desktop 7 Monitor" - "Softland" - C:\Windows\system32\novamnl7.dll
"WEB.DE Fax Monitor" - "WEB.DE GmbH" - C:\Windows\system32\UIWEBMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000" (MatSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Fix it Center\Matsvc.exe
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe
"ABBYY FineReader 10 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.10.0) - "ABBYY" - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits GO Services for Windows" (ezGOSvc) - ? - C:\Windows\SysWOW64\ezGOSvc.dll  (File found, but it contains no detailed information)
"ESET Service" (ekrn) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Input Director Service" (InputDirector) - ? - C:\Program Files (x86)\Input Director\IDWinService.exe  (File found, but it contains no detailed information)
"Input Director Vista Service" (IDVistaService) - ? - C:\Program Files (x86)\Input Director\IDVistaService.exe  (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files (x86)\WinPcap\rpcapd.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Sony SCSI Helper Service" (Sony SCSI Helper Service) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\Windows\system32\Pen_Tablet.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WTouch Service" (WTouchService) - "Wacom Technology, Corp." - C:\Program Files\WTouch\WTouchService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

And last but not least, ASWMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-19 20:04:12
-----------------------------
20:04:12.982    OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:12.982    Number of processors: 2 586 0x4303
20:04:12.982    ComputerName: SIRIUS  UserName: (***)
20:04:13.858    Initialize success
20:04:55.468    AVAST engine defs: 12061900
20:05:10.157    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:10.157    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
20:05:10.173    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:10.173    Disk 1 Vendor: SAMSUNG_HD321KJ CP100-10 Size: 305245MB BusType: 3
20:05:10.189    Disk 1 MBR read successfully
20:05:10.189    Disk 1 MBR scan
20:05:10.204    Disk 1 Windows 7 default MBR code
20:05:10.204    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305243 MB offset 2048
20:05:10.235    Disk 1 scanning C:\Windows\system32\drivers
20:05:25.944    Service scanning
20:06:01.304    Modules scanning
20:06:01.304    Disk 1 trace - called modules:
20:06:01.319    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
20:06:01.335    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007999060]
20:06:01.335    3 CLASSPNP.SYS[fffff8800196343f] -> nt!IofCallDriver -> [0xfffffa80075a5580]
20:06:01.335    5 ACPI.sys[fffff88000f307a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80075a2060]
20:06:05.206    AVAST engine scan C:\Windows
20:06:12.327    AVAST engine scan C:\Windows\system32
20:10:12.611    AVAST engine scan C:\Windows\system32\drivers
20:10:33.398    AVAST engine scan C:\Users\(***)
21:58:18.843    AVAST engine scan C:\ProgramData
22:23:15.549    Scan finished successfully
00:25:47.981    Disk 1 MBR has been saved successfully to "C:\Users\(***)\Desktop\MBR.dat"
00:25:47.996    The log file has been saved successfully to "C:\Users\(***)\Desktop\aswMBR.txt"
         
And now I am, once again, curious to see what comes next.

Best regards,
Bangalorean

Alt 20.06.2012, 09:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

W_Dackel may get in touch with you again about desinfec't.

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 20.06.2012, 23:41   #15
Bangalorean
 

Final sprint.

Here is the Malwarebytes log (I could swear I already posted this... hmmm... I'm getting old... hopefully :-))
So... I hope I grabbed the right log file.

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
(***) :: SIRIUS [Administrator]

Schutz: Aktiviert

20.06.2012 10:39:49
mbam-log-2012-06-20 (10-39-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1080244
Laufzeit: 3 Stunde(n), 32 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the SUPERAntiSpyware log. Question: should I put the "finds" into quarantine? And who can I send screenshots to? There is a new software version and the description no longer quite matches.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 11:11 PM

Application Version : 5.1.1002

Core Rules Database Version : 8763
Trace Rules Database Version: 6575

Scan type       : Complete Scan
Total Scan Time : 08:30:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 720
Memory threats detected   : 0
Registry items scanned    : 73505
Registry threats detected : 0
File items scanned        : 639934
File threats detected     : 1149

Adware.Tracking Cookie
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@247realmedia[1].txt [ /247realmedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@a2.adserver01[1].txt [ /a2.adserver01 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@account.live[2].txt [ /account.live ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad-mngt[1].txt [ /ad-mngt ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.71i[1].txt [ /ad.71i ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.adnet[2].txt [ /ad.adnet ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.bauerverlag[1].txt [ /ad.bauerverlag ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.labpixies[2].txt [ /ad.labpixies ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.salebroker[2].txt [ /ad.salebroker ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ad.zanox[2].txt [ /ad.zanox ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adbrite[1].txt [ /adbrite ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adfarm1.adition[2].txt [ /adfarm1.adition ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adopt.euroclick[1].txt [ /adopt.euroclick ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adopt.specificclick[2].txt [ /adopt.specificclick ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.ad4game[2].txt [ /ads.ad4game ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.admediate[1].txt [ /ads.admediate ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.mediaflite[1].txt [ /ads.mediaflite ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.mininova[1].txt [ /ads.mininova ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.ookla[2].txt [ /ads.ookla ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.planetactive[1].txt [ /ads.planetactive ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.quartermedia[1].txt [ /ads.quartermedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.sun[2].txt [ /ads.sun ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ads.us.e-planning[1].txt [ /ads.us.e-planning ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adserv.controllingportal[2].txt [ /adserv.controllingportal ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adserver.71i[1].txt [ /adserver.71i ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adserver.easyad[1].txt [ /adserver.easyad ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adserver.konradin[1].txt [ /adserver.konradin ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adserver.trojaner-info[1].txt [ /adserver.trojaner-info ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adsrv.admediate[1].txt [ /adsrv.admediate ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@adultfriendfinder[1].txt [ /adultfriendfinder ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@advertising[2].txt [ /advertising ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@as1.falkag[1].txt [ /as1.falkag ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@atdmt[1].txt [ /atdmt ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@autoscout24.112.2o7[1].txt [ /autoscout24.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@axelspringer.122.2o7[1].txt [ /axelspringer.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@banner.testberichte[1].txt [ /banner.testberichte ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@bravenet[2].txt [ /bravenet ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@c.gigcount[1].txt [ /c.gigcount ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@chitika[2].txt [ /chitika ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@clickandbuy[1].txt [ /clickandbuy ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@collective-media[1].txt [ /collective-media ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@count.spring[1].txt [ /count.spring ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@counter.msi.com[2].txt [ /counter.msi.com ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@cpx.mediascale[1].txt [ /cpx.mediascale ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@delivery.ads.coupling-media[1].txt [ /delivery.ads.coupling-media ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@deutschepostag.112.2o7[1].txt [ /deutschepostag.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@dmtracker[1].txt [ /dmtracker ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@e-2dj6wjlyamcpmgo.stats.esomniture[2].txt [ /e-2dj6wjlyamcpmgo.stats.esomniture ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@edge.ru4[2].txt [ /edge.ru4 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@efashionsolutions.122.2o7[1].txt [ /efashionsolutions.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@euros4click[2].txt [ /euros4click ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@faq.kochmedia[2].txt [ /faq.kochmedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@gcc-08.googleadservices[1].txt [ /gcc-08.googleadservices ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@gtb1.acecounter[1].txt [ /gtb1.acecounter ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@hbxtracking.sueddeutsche[1].txt [ /hbxtracking.sueddeutsche ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@hmt.connexpromotions[2].txt [ /hmt.connexpromotions ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@im.banner.t-online[1].txt [ /im.banner.t-online ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@indextools[2].txt [ /indextools ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@insightexpressai[1].txt [ /insightexpressai ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@kabelbw.112.2o7[1].txt [ /kabelbw.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@kddi.122.2o7[1].txt [ /kddi.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@komtrack[1].txt [ /komtrack ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@kontera[2].txt [ /kontera ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@m1.webstats.motigo[2].txt [ /m1.webstats.motigo ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@media6degrees[1].txt [ /media6degrees ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@mediametrics.mpsa[2].txt [ /mediametrics.mpsa ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@microsoftinternetexplorer.112.2o7[1].txt [ /microsoftinternetexplorer.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@microsoftoffice.112.2o7[1].txt [ /microsoftoffice.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@microsoftsto.112.2o7[1].txt [ /microsoftsto.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@msnaccountservices.112.2o7[2].txt [ /msnaccountservices.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@myfamily.112.2o7[1].txt [ /myfamily.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@opodo.122.2o7[1].txt [ /opodo.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@overture[1].txt [ /overture ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@partners.webmasterplan[2].txt [ /partners.webmasterplan ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@perf.overture[1].txt [ /perf.overture ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@philips.112.2o7[1].txt [ /philips.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@pinnaclesystems.122.2o7[2].txt [ /pinnaclesystems.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@questionmarket[3].txt [ /questionmarket ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@realmedia[1].txt [ /realmedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@revsci[2].txt [ /revsci ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@richmedia.yahoo[1].txt [ /richmedia.yahoo ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@rotator.adjuggler[1].txt [ /rotator.adjuggler ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@s3.trafficmaxx[2].txt [ /s3.trafficmaxx ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@schuhfinder[1].txt [ /schuhfinder ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@server.iad.liveperson[1].txt [ /server.iad.liveperson ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@smartadserver[2].txt [ /smartadserver ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@specificclick[2].txt [ /specificclick ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@spylog[2].txt [ /spylog ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.bmw[1].txt [ /stats.bmw ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.lukeredpath.co[1].txt [ /stats.lukeredpath.co ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.paypal[2].txt [ /stats.paypal ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@stats.searchtrack[1].txt [ /stats.searchtrack ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@statsweb.bnpparibas[2].txt [ /statsweb.bnpparibas ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@support.kochmedia[1].txt [ /support.kochmedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@te.kontera[2].txt [ /te.kontera ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tele2de.112.2o7[1].txt [ /tele2de.112.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[1].txt [ /track.webtrekk ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[2].txt [ /track.webtrekk ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@track.webtrekk[3].txt [ /track.webtrekk ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.mindshare[2].txt [ /tracking.mindshare ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.mlsat02[1].txt [ /tracking.mlsat02 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tracking.quisma[1].txt [ /tracking.quisma ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@traffictrack[2].txt [ /traffictrack ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tribalfusion[2].txt [ /tribalfusion ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tripod[1].txt [ /tripod ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@truition.122.2o7[1].txt [ /truition.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@tvtv.122.2o7[1].txt [ /tvtv.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@unicreditgroup.122.2o7[1].txt [ /unicreditgroup.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@videoegg.adbureau[2].txt [ /videoegg.adbureau ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@vodafonegroup.122.2o7[1].txt [ /vodafonegroup.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@weborama[2].txt [ /weborama ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@windowsmedia[2].txt [ /windowsmedia ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@winzip.122.2o7[1].txt [ /winzip.122.2o7 ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@ww251.smartadserver[1].txt [ /ww251.smartadserver ]
	C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Cookies\(***)@www.etracker[1].txt [ /www.etracker ]
	.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.loyaltypartner.122.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stats.twtmore.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stats.twtmore.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mm.chitika.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	dfb.stats.yum.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	s3.trafficmaxx.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	dc.tremormedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bellglobemediapublishing.122.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.getclicky.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.static.getclicky.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stats.paypal.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www8.addfreestats.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adlegend.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.kabelbw.112.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.gs [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.cracked.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.cracked.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.cracked.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.cracked.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	auslieferung.commindo-media-ressourcen.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.webtrekk.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.harrenmedianetwork.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.bizrate.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.rambler.ru [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yadro.ru [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tns-counter.ru [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.openstat.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	netti.mtvmedia.fi [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fi.sitestat.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	rotator.adjuggler.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	rotator.adjuggler.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	messagespace.advertserve.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	account.manning.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.ilsemedia.nl [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bt.ilsemedia.nl [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.klicktel.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.klicktel.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	banner.slashcam.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.realmedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.realmedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trackalyzer.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.youtube.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymediaforum.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymediaforum.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymediaforum.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymediaforum.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.zanox-affiliate.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.hightraffic.hugoboss.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.dc-storm.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tuneupmedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.www.tuneupmedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yieldmanager.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.vertriebsassistent.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.youtube.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.saymedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	pulse-analytics-beacon.reutersmedia.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	banners.webmasterplan.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.mindshare.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	dg.specificclick.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	oasc11.247realmedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.loopinsight.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.loopinsight.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.saymedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ar.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.weborama.fr [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.weborama.fr [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.weborama.fr [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.adformdsp.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adformdsp.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	traffic.brand-wall.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	traffic.brand-wall.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www4.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.usenext.de [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas4.emediate.eu [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver.itsfogo.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	statse.webtrendslive.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.msnbc.112.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	mediacdn.disqus.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.microsoftsto.112.2o7.net [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\(***)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	imagesrv.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z7TEXA8N ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AS1.FALKAG[1].TXT [ /AS1.FALKAG ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.OOKLA[2].TXT [ /ADS.OOKLA ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@EHG-ESET.HITBOX[1].TXT [ /EHG-ESET.HITBOX ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@HEARSTMAGAZINES.112.2O7[1].TXT [ /HEARSTMAGAZINES.112.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.AD4GAME[2].TXT [ /ADS.AD4GAME ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ZANOX[2].TXT [ /ZANOX ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AD.LABPIXIES[2].TXT [ /AD.LABPIXIES ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@TELE2DE.112.2O7[1].TXT [ /TELE2DE.112.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@HITBOX[2].TXT [ /HITBOX ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@GCC-08.GOOGLEADSERVICES[1].TXT [ /GCC-08.GOOGLEADSERVICES ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@EUROS4CLICK[2].TXT [ /EUROS4CLICK ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@RICHMEDIA.YAHOO[1].TXT [ /RICHMEDIA.YAHOO ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@FASTCLICK[1].TXT [ /FASTCLICK ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AD.BAUERVERLAG[1].TXT [ /AD.BAUERVERLAG ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.PLANETACTIVE[1].TXT [ /ADS.PLANETACTIVE ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@COUNTER.HITSLINK[1].TXT [ /COUNTER.HITSLINK ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@INSIGHTEXPRESSAI[1].TXT [ /INSIGHTEXPRESSAI ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AD.SALEBROKER[2].TXT [ /AD.SALEBROKER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADULTFRIENDFINDER[1].TXT [ /ADULTFRIENDFINDER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@XITI[1].TXT [ /XITI ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@UNICREDITGROUP.122.2O7[1].TXT [ /UNICREDITGROUP.122.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@CHITIKA[2].TXT [ /CHITIKA ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADSERVER.EASYAD[1].TXT [ /ADSERVER.EASYAD ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AD-MNGT[1].TXT [ /AD-MNGT ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.SUN[2].TXT [ /ADS.SUN ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADSERV.CONTROLLINGPORTAL[2].TXT [ /ADSERV.CONTROLLINGPORTAL ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AD.71I[1].TXT [ /AD.71I ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@VODAFONEGROUP.122.2O7[1].TXT [ /VODAFONEGROUP.122.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADSRV.ADMEDIATE[1].TXT [ /ADSRV.ADMEDIATE ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADTECH[1].TXT [ /ADTECH ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@GTB1.ACECOUNTER[1].TXT [ /GTB1.ACECOUNTER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@WWW.W3COUNTER[1].TXT [ /WWW.W3COUNTER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@BANNER.TESTBERICHTE[1].TXT [ /BANNER.TESTBERICHTE ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@WWW.GOOGLEADSERVICES[3].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@AXELSPRINGER.122.2O7[1].TXT [ /AXELSPRINGER.122.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@TVTV.122.2O7[1].TXT [ /TVTV.122.2O7 ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@BURSTNET[1].TXT [ /BURSTNET ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@M1.WEBSTATS.MOTIGO[2].TXT [ /M1.WEBSTATS.MOTIGO ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@EHG-TECHTARGET.HITBOX[2].TXT [ /EHG-TECHTARGET.HITBOX ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADSERVER.71I[1].TXT [ /ADSERVER.71I ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@SERVING-SYS[1].TXT [ /SERVING-SYS ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@STATCOUNTER[2].TXT [ /STATCOUNTER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.MININOVA[1].TXT [ /ADS.MININOVA ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADREVOLVER[1].TXT [ /ADREVOLVER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@COUNTER9.SEXTRACKER[1].TXT [ /COUNTER9.SEXTRACKER ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@ADS.US.E-PLANNING[1].TXT [ /ADS.US.E-PLANNING ]
	C:\USERS\(***)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(***)@KABELBW.112.2O7[1].TXT [ /KABELBW.112.2O7 ]
	.tvtv.122.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.tacoda.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.ar.atwola.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.kqv.112.2o7.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	stats.united-domains.de [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\(***)\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLEWA984.DEFAULT\COOKIES.SQLITE ]
	C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@SERVING-SYS[2].TXT [ /SERVING-SYS ]
	C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
	C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@LIVEPERSON[1].TXT [ /LIVEPERSON ]
	C:\USERS\(****)\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\(****)@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]

Heur.Agent/Gen-WhiteBox
	C:\USERS\(***)\DOWNLOADS\DUPLICATECLEANER_SETUP (2).EXE
         
Well then, here we go... many thanks once again and good night, everyone...

Best regards,

Josef
