
Log analysis and evaluation: Shortcuts on USB sticks and SD card

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.01.2012, 22:28   #1
katerine
 
Shortcuts on USB sticks and SD card



Hello, like a few others who have asked for help here, I have the problem that on connected USB sticks and SD cards, as well as on the external hard drive, only shortcuts are displayed.

I ran a scan with avast, but I cannot find its log file. The following file was deleted in the process: C:\Users\Katharina\AppData\Roaming\Qsomoc.exe (Win32:VBLoader [Trj])

Following your instructions from the forum, I then ran a scan with Malwarebytes, this time with the external hard drive, and deleted the 2 infected files:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINASPC [Administrator]

Schutz: Aktiviert

02.01.2012 18:01:56
mbam-log-2012-01-02 (18-01-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391232
Laufzeit: 53 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
F:\RECYCLER\e26f5077.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Worm.Conficker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Then I scanned with the ESET online scanner:
Code:
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bc92d30135d2c49b6aeb498208c022b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 07:19:16
# local_time=2012-01-02 08:19:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 201 77157282 0 0
# compatibility_mode=8192 67108863 100 0 275 275 0 0
# scanned=209209
# found=1
# cleaned=0
# scan_time=4566
C:\Users\Katharina\Downloads\SoftonicDownloader_fuer_nikon-capture-nx.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
Could you please help me with how to proceed and what then happens to the infected sticks and cards, or can I look that up in the other threads?
Thanks
Katharina

03.01.2012, 21:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are listed in the "Logdateien" (log files) tab. Please post all that are visible there.

Quote:
C:\Users\Katharina\Downloads\SoftonicDownloader_fuer_nikon-capture-nx.exe
Somehow I get the impression that it has become a national sport to download all sorts of stuff from Softonic. Stay away from that site. There is always some junk in there, such as toolbars or the pointless Softonic Downloader. Why don't you download the software from the manufacturer's site or, if need be, from chip.de?

04.01.2012, 17:31   #3
katerine
 



Hello Arne, thank you very much for your reply. No, I installed Malwarebytes completely fresh and only ran it once.
I probably downloaded Softonic because I have no idea about these things. So I've learned something again :-) Best to delete the thing, right?
Katharina

04.01.2012, 18:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create an OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

04.01.2012, 21:18   #5
katerine
 



Thanks, here is the OTL log file


OTL Logfile:
Code:
OTL logfile created on: 04.01.2012 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Katharina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,26% Memory free
7,83 Gb Paging File | 6,04 Gb Available in Paging File | 77,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,37 Gb Total Space | 202,10 Gb Free Space | 79,45% Space Free | Partition Type: NTFS
Drive D: | 316,80 Gb Total Space | 310,47 Gb Free Space | 98,00% Space Free | Partition Type: NTFS
 
Computer Name: KATHARINASPC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.02 18:20:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.31 14:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.07.21 21:16:58 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.05.10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.28 11:28:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.26 17:34:11 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.26 17:34:01 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.26 17:33:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:32:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:32:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:32:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:32:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.22 19:57:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.22 19:57:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.31 14:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.02.19 05:23:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.02.19 05:23:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.05.02 22:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 22:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 22:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.03.04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.04.17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.11.28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.05.10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.01 22:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 22:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.04.17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.12 19:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.05 15:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\xa4gk336.default\extensions\firejump@firejump.net [2011.11.25 19:26:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.12 19:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.10.05 15:52:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.10.05 15:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Extensions
[2011.11.25 19:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\xa4gk336.default\extensions
[2011.11.25 19:26:22 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\xa4gk336.default\extensions\firejump@firejump.net
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Qsomoc] C:\Users\Katharina\AppData\Roaming\Qsomoc.exe File not found
O4 - Startup: C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15EE4021-E18C-4ACA-8A91-ADF31DFE9F03}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F093774E-D3BC-48DC-BDEF-37F4E1726298}: DhcpNameServer = 10.5.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.04 18:29:11 | 000,000,000 | ---D | C] -- C:\Users\Katharina\Documents\Rezepte
[2012.01.02 18:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.02 18:20:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2012.01.02 18:06:57 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Katharina\Desktop\esetsmartinstaller_enu.exe
[2012.01.02 18:00:07 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Malwarebytes
[2012.01.02 18:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.02 18:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.02 18:00:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.02 18:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.20 21:08:35 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.12.20 21:08:35 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.12.20 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.12.20 21:08:34 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.12.20 21:08:33 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.12.20 21:08:33 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.12.20 21:08:32 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.12.20 21:08:32 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.12.20 21:08:17 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.12.20 21:08:17 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.12.20 21:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.12.20 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avast
[2011.12.14 10:00:59 | 000,000,000 | ---D | C] -- C:\Users\Katharina\Desktop\stick
[2011.12.12 19:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.04 21:01:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 21:01:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 20:58:09 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 20:58:09 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 20:58:09 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 20:58:09 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 20:58:09 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 20:53:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.01.04 20:53:48 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.04 20:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 20:53:25 | 3151,835,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 18:50:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.02 18:58:30 | 000,002,080 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.01.02 18:58:23 | 000,001,307 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.01.02 18:20:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2012.01.02 18:07:08 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Katharina\Desktop\esetsmartinstaller_enu.exe
[2012.01.02 18:00:01 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 17:35:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.12.20 21:08:36 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.12.17 14:10:48 | 000,414,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.02 18:00:01 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.20 21:08:36 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.12.20 21:08:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.10.24 13:19:54 | 000,000,022 | ---- | C] () -- C:\Program Files\zipnew.dat
[2011.10.24 13:19:54 | 000,000,020 | ---- | C] () -- C:\Program Files\rarnew.dat
[2011.10.24 13:19:36 | 001,163,264 | ---- | C] () -- C:\Program Files\WinRAR.exe
[2011.10.24 13:19:36 | 000,417,792 | ---- | C] () -- C:\Program Files\Rar.exe
[2011.10.24 13:19:36 | 000,312,149 | ---- | C] () -- C:\Program Files\WinRAR.chm
[2011.10.24 13:19:36 | 000,276,992 | ---- | C] () -- C:\Program Files\UnRAR.exe
[2011.10.24 13:19:36 | 000,164,864 | ---- | C] () -- C:\Program Files\RarExt.dll
[2011.10.24 13:19:36 | 000,140,288 | ---- | C] () -- C:\Program Files\RarExt32.dll
[2011.10.24 13:19:36 | 000,135,814 | ---- | C] () -- C:\Program Files\Default64.SFX
[2011.10.24 13:19:36 | 000,132,608 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2011.10.24 13:19:36 | 000,106,118 | ---- | C] () -- C:\Program Files\Zip64.SFX
[2011.10.24 13:19:36 | 000,102,864 | ---- | C] () -- C:\Program Files\WinCon64.SFX
[2011.10.24 13:19:36 | 000,100,726 | ---- | C] () -- C:\Program Files\winrar.lng
[2011.10.24 13:19:36 | 000,099,840 | ---- | C] () -- C:\Program Files\Default.SFX
[2011.10.24 13:19:36 | 000,079,872 | ---- | C] () -- C:\Program Files\Zip.SFX
[2011.10.24 13:19:36 | 000,073,728 | ---- | C] () -- C:\Program Files\WinCon.SFX
[2011.10.24 13:19:36 | 000,038,092 | ---- | C] () -- C:\Program Files\rar.lng
[2011.10.24 13:19:36 | 000,008,084 | ---- | C] () -- C:\Program Files\uninstall.lng
[2011.10.24 13:19:36 | 000,003,973 | ---- | C] () -- C:\Program Files\Order.htm
[2011.10.24 13:19:36 | 000,003,584 | ---- | C] () -- C:\Program Files\rarext.lng
[2011.10.24 13:19:36 | 000,001,422 | ---- | C] () -- C:\Program Files\Descript.ion
[2011.10.24 13:19:36 | 000,001,400 | ---- | C] () -- C:\Program Files\RarFiles.lst
[2011.10.24 13:19:36 | 000,000,700 | ---- | C] () -- C:\Program Files\Uninstall.lst
[2011.10.24 13:19:36 | 000,000,622 | ---- | C] () -- C:\Program Files\File_Id.diz
[2011.10.22 20:00:05 | 000,000,268 | RH-- | C] () -- C:\Users\Katharina\AppData\Roaming\Woodwinds
[2011.10.22 20:00:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet
[2011.10.22 20:00:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011.10.22 20:00:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2011.10.22 20:00:03 | 000,000,268 | RH-- | C] () -- C:\Users\Katharina\AppData\Roaming\Work - Home
[2011.10.22 20:00:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\deskjet
[2011.10.22 20:00:03 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries
[2011.10.22 19:56:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.10.06 08:59:17 | 008,618,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.31 08:01:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 08:01:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 08:01:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.23 19:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.05.14 13:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2007.10.02 14:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
 
========== LOP Check ==========
 
[2011.10.05 15:38:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\ASUS WebStorage
[2011.10.20 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DesktopIconForAmazon
[2012.01.04 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Dropbox
[2011.10.06 14:48:02 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FreePDF
[2011.10.22 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Nikon
[2011.10.05 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Nuance
[2011.11.26 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\SoftGrid Client
[2011.10.05 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Thunderbird
[2011.10.06 09:00:24 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\TP
[2011.10.05 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Zeon
[2011.10.10 08:39:30 | 000,029,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.05 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Adobe
[2011.11.25 21:23:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Apple Computer
[2011.10.05 15:38:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\ASUS WebStorage
[2011.11.26 00:08:06 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\CyberLink
[2011.10.20 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DesktopIconForAmazon
[2012.01.04 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Dropbox
[2011.10.05 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FLEXnet
[2011.10.06 14:48:02 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FreePDF
[2011.10.05 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Identities
[2011.10.05 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Intel
[2011.10.05 15:22:42 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Macromedia
[2012.01.02 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Media Center Programs
[2011.12.14 18:28:55 | 000,000,000 | --SD | M] -- C:\Users\Katharina\AppData\Roaming\Microsoft
[2011.10.05 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Mozilla
[2011.10.22 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Nikon
[2011.10.05 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Nuance
[2012.01.02 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Skype
[2011.11.26 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\SoftGrid Client
[2011.10.05 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Thunderbird
[2011.10.06 09:00:24 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\TP
[2011.10.24 13:19:59 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\WinRAR
[2011.10.05 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.10.20 17:04:59 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Katharina\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.10.22 19:57:48 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Katharina\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >

< End of report >
         
--- --- ---


Alt 04.01.2012, 22:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Qsomoc] C:\Users\Katharina\AppData\Roaming\Qsomoc.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 05.01.2012, 08:32   #7
katerine
 



Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Qsomoc deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09dd7a8f-210b-11e1-bd2c-14dae95b123f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c456a52-262e-11e1-bfc2-14dae95b123f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c456a52-262e-11e1-bfc2-14dae95b123f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c456a52-262e-11e1-bfc2-14dae95b123f}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katharina
->Temp folder emptied: 202662116 bytes
->Temporary Internet Files folder emptied: 45245465 bytes
->FireFox cache emptied: 929519090 bytes
->Flash cache emptied: 6004 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 220279149 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 20405382 bytes
 
Total Files Cleaned = 1.352,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01042012_231026

Files\Folders moved on Reboot...
C:\Users\Katharina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Katharina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24BBWCXD\background_button_green_full[2].png moved successfully.

Registry entries deleted on Reboot...
         
Thank you very much!
Could you please also tell me how I should now proceed with the sticks, the SD card and the external hard drive, and can you recommend avast as a virus scanner?

Katharina
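A cross-check of the fix script from post #6 against the result log from post #7, added here as an example; it is not part of the original thread and not OTL's own code. The line patterns are inferred only from the lines quoted in this thread, and all function names are assumptions.

```python
import re

# Excerpt of the fix script from post #6 (copied from this thread).
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [Qsomoc] C:\Users\Katharina\AppData\Roaming\Qsomoc.exe File not found
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell - "" = AutoRun
O33 - MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
"""

# Matching excerpt of the result log from post #7 (copied from this thread).
FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Qsomoc deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dd7a82-210b-11e1-bd2c-14dae95b123f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
"""

# Script side: O33 = MountPoints2 shell handler, O4 = Run autostart value.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mp>[^\\]+)\\Shell(?P<cmd>\\AutoRun\\command)?'
    r' - "" = (?P<val>.+)$')
O4_RE = re.compile(r'^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] ')

# Log side: what the tool reported for each registry key or value.
KEY_RE = re.compile(
    r'^Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\'
    r'CurrentVersion\\Explorer\\MountPoints2\\(?P<mp>[^\\]+)\\ '
    r'(?P<status>deleted successfully|not found)\.$', re.I)
VAL_RE = re.compile(
    r'^Registry value HKEY_\w+\\Software\\Microsoft\\Windows\\'
    r'CurrentVersion\\Run\\\\(?P<name>\S+) deleted successfully\.$', re.I)


def parse_script(script):
    """Return (targets, commands): the items the script asks to remove and
    the AutoRun command registered for each mount point."""
    targets, commands = set(), {}
    for line in map(str.strip, script.splitlines()):
        m = O33_RE.match(line)
        if m:
            targets.add(("mountpoint", m["mp"]))
            if m["cmd"]:
                commands[m["mp"]] = m["val"]
            continue
        m = O4_RE.match(line)
        if m:
            targets.add(("run", m["name"]))
    return targets, commands


def parse_log(log):
    """Map each item named in the log to 'deleted' or 'already absent'.
    A 'not found' after a 'deleted successfully' is expected: the script
    lists two lines per mount point, and the first one removes the key."""
    seen = {}
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = ("mountpoint", m["mp"])
            if m["status"].lower().startswith("deleted"):
                seen[key] = "deleted"
            else:
                seen.setdefault(key, "already absent")
            continue
        m = VAL_RE.match(line)
        if m:
            seen[("run", m["name"])] = "deleted"
    return seen


def audit(script, log):
    """For every target in the script, report what the log says about it."""
    targets, _ = parse_script(script)
    seen = parse_log(log)
    return {t: seen.get(t, "no log line") for t in sorted(targets)}


def autorun_commands(script):
    """Mount point -> command that Explorer would have offered to run."""
    return parse_script(script)[1]


if __name__ == "__main__":
    for target, status in audit(FIX_SCRIPT, FIX_LOG).items():
        print(f"{target[0]:<10} {target[1]:<40} {status}")
    for mp, cmd in autorun_commands(FIX_SCRIPT).items():
        print(f"AutoRun handler on {mp}: {cmd}")
```

Any target reported as "no log line" means the fix log does not account for it and the entry should be checked again.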

Alt 05.01.2012, 10:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 06.01.2012, 15:53   #9
katerine
 



As far as I can judge, it looks good.
I also had the external hard drive connected during the scan, and no shortcuts are shown any more.
But what do I do now with the SD cards and USB sticks?

Thanks

Code:
ATTFilter
 15:47:30.0757 0764	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:47:30.0976 0764	============================================================
15:47:30.0976 0764	Current date / time: 2012/01/06 15:47:30.0976
15:47:30.0976 0764	SystemInfo:
15:47:30.0976 0764	
15:47:30.0976 0764	OS Version: 6.1.7601 ServicePack: 1.0
15:47:30.0976 0764	Product type: Workstation
15:47:30.0976 0764	ComputerName: KATHARINASPC
15:47:30.0976 0764	UserName: Katharina
15:47:30.0976 0764	Windows directory: C:\Windows
15:47:30.0976 0764	System windows directory: C:\Windows
15:47:30.0976 0764	Running under WOW64
15:47:30.0976 0764	Processor architecture: Intel x64
15:47:30.0976 0764	Number of processors: 4
15:47:30.0976 0764	Page size: 0x1000
15:47:30.0976 0764	Boot type: Normal boot
15:47:30.0976 0764	============================================================
15:47:31.0475 0764	Initialize success
15:48:58.0441 4428	============================================================
15:48:58.0441 4428	Scan started
15:48:58.0441 4428	Mode: Manual; SigCheck; TDLFS; 
15:48:58.0441 4428	============================================================
15:48:58.0831 4428	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:48:58.0925 4428	1394ohci - ok
15:48:58.0987 4428	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:48:59.0003 4428	ACPI - ok
15:48:59.0049 4428	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:48:59.0112 4428	AcpiPmi - ok
15:48:59.0159 4428	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:48:59.0174 4428	adp94xx - ok
15:48:59.0237 4428	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:48:59.0252 4428	adpahci - ok
15:48:59.0299 4428	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:48:59.0315 4428	adpu320 - ok
15:48:59.0408 4428	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:48:59.0471 4428	AFD - ok
15:48:59.0549 4428	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:48:59.0564 4428	agp440 - ok
15:48:59.0595 4428	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:48:59.0611 4428	aliide - ok
15:48:59.0627 4428	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:48:59.0642 4428	amdide - ok
15:48:59.0642 4428	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:48:59.0689 4428	AmdK8 - ok
15:48:59.0705 4428	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:48:59.0720 4428	AmdPPM - ok
15:48:59.0783 4428	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:48:59.0798 4428	amdsata - ok
15:48:59.0814 4428	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:48:59.0829 4428	amdsbs - ok
15:48:59.0845 4428	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:48:59.0861 4428	amdxata - ok
15:48:59.0892 4428	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:48:59.0939 4428	AppID - ok
15:48:59.0954 4428	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:48:59.0970 4428	arc - ok
15:48:59.0985 4428	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:48:59.0985 4428	arcsas - ok
15:49:00.0063 4428	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:49:00.0110 4428	ASMMAP64 - ok
15:49:00.0141 4428	aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
15:49:00.0157 4428	aswFsBlk - ok
15:49:00.0204 4428	aswMonFlt       (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
15:49:00.0219 4428	aswMonFlt - ok
15:49:00.0219 4428	aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
15:49:00.0235 4428	aswRdr - ok
15:49:00.0266 4428	aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
15:49:00.0282 4428	aswSnx - ok
15:49:00.0282 4428	aswSP           (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
15:49:00.0297 4428	aswSP - ok
15:49:00.0313 4428	aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
15:49:00.0313 4428	aswTdi - ok
15:49:00.0344 4428	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:00.0375 4428	AsyncMac - ok
15:49:00.0422 4428	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:49:00.0438 4428	atapi - ok
15:49:00.0485 4428	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
15:49:00.0563 4428	athr - ok
15:49:00.0641 4428	ATKWMIACPIIO    (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
15:49:00.0656 4428	ATKWMIACPIIO - ok
15:49:00.0765 4428	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:49:00.0797 4428	b06bdrv - ok
15:49:00.0843 4428	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:49:00.0890 4428	b57nd60a - ok
15:49:00.0921 4428	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:49:00.0953 4428	Beep - ok
15:49:01.0015 4428	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:49:01.0046 4428	blbdrive - ok
15:49:01.0093 4428	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:49:01.0140 4428	bowser - ok
15:49:01.0171 4428	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:49:01.0202 4428	BrFiltLo - ok
15:49:01.0202 4428	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:49:01.0249 4428	BrFiltUp - ok
15:49:01.0280 4428	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:49:01.0311 4428	Brserid - ok
15:49:01.0327 4428	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:49:01.0358 4428	BrSerWdm - ok
15:49:01.0389 4428	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:49:01.0421 4428	BrUsbMdm - ok
15:49:01.0421 4428	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:49:01.0452 4428	BrUsbSer - ok
15:49:01.0514 4428	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:49:01.0545 4428	BthEnum - ok
15:49:01.0577 4428	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:49:01.0623 4428	BTHMODEM - ok
15:49:01.0639 4428	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:49:01.0686 4428	BthPan - ok
15:49:01.0748 4428	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:49:01.0779 4428	BTHPORT - ok
15:49:01.0811 4428	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:49:01.0857 4428	BTHUSB - ok
15:49:01.0904 4428	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:49:01.0967 4428	cdfs - ok
15:49:01.0998 4428	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:49:02.0045 4428	cdrom - ok
15:49:02.0091 4428	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:49:02.0138 4428	circlass - ok
15:49:02.0169 4428	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:49:02.0185 4428	CLFS - ok
15:49:02.0247 4428	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:49:02.0279 4428	CmBatt - ok
15:49:02.0294 4428	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:49:02.0310 4428	cmdide - ok
15:49:02.0325 4428	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:49:02.0341 4428	CNG - ok
15:49:02.0357 4428	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:49:02.0372 4428	Compbatt - ok
15:49:02.0388 4428	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:49:02.0435 4428	CompositeBus - ok
15:49:02.0466 4428	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:49:02.0481 4428	crcdisk - ok
15:49:02.0528 4428	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:49:02.0559 4428	DfsC - ok
15:49:02.0575 4428	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:49:02.0606 4428	discache - ok
15:49:02.0637 4428	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:49:02.0653 4428	Disk - ok
15:49:02.0684 4428	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:49:02.0715 4428	drmkaud - ok
15:49:02.0747 4428	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:49:02.0762 4428	DXGKrnl - ok
15:49:02.0856 4428	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:49:02.0949 4428	ebdrv - ok
15:49:02.0996 4428	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:49:03.0012 4428	elxstor - ok
15:49:03.0027 4428	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:49:03.0059 4428	ErrDev - ok
15:49:03.0121 4428	ETD             (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
15:49:03.0137 4428	ETD - ok
15:49:03.0168 4428	ewusbnet - ok
15:49:03.0230 4428	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:49:03.0261 4428	exfat - ok
15:49:03.0293 4428	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:49:03.0355 4428	fastfat - ok
15:49:03.0371 4428	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:49:03.0386 4428	fdc - ok
15:49:03.0402 4428	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:49:03.0402 4428	FileInfo - ok
15:49:03.0417 4428	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:49:03.0480 4428	Filetrace - ok
15:49:03.0480 4428	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:49:03.0511 4428	flpydisk - ok
15:49:03.0527 4428	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:49:03.0527 4428	FltMgr - ok
15:49:03.0558 4428	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:49:03.0573 4428	FsDepends - ok
15:49:03.0589 4428	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:49:03.0589 4428	Fs_Rec - ok
15:49:03.0636 4428	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:49:03.0651 4428	fvevol - ok
15:49:03.0667 4428	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:49:03.0683 4428	gagp30kx - ok
15:49:03.0714 4428	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:49:03.0729 4428	GEARAspiWDM - ok
15:49:03.0776 4428	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:49:03.0792 4428	hcw85cir - ok
15:49:03.0823 4428	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:49:03.0854 4428	HdAudAddService - ok
15:49:03.0901 4428	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:49:03.0917 4428	HDAudBus - ok
15:49:03.0932 4428	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:49:03.0963 4428	HidBatt - ok
15:49:03.0963 4428	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:49:03.0995 4428	HidBth - ok
15:49:04.0010 4428	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:49:04.0057 4428	HidIr - ok
15:49:04.0104 4428	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:49:04.0135 4428	HidUsb - ok
15:49:04.0166 4428	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:49:04.0182 4428	HpSAMD - ok
15:49:04.0197 4428	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:49:04.0244 4428	HTTP - ok
15:49:04.0275 4428	hwdatacard - ok
15:49:04.0291 4428	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:49:04.0307 4428	hwpolicy - ok
15:49:04.0322 4428	hwusbdev - ok
15:49:04.0338 4428	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:49:04.0353 4428	i8042prt - ok
15:49:04.0385 4428	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
15:49:04.0400 4428	iaStor - ok
15:49:04.0431 4428	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:49:04.0447 4428	iaStorV - ok
15:49:04.0681 4428	igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:49:04.0962 4428	igfx - ok
15:49:05.0087 4428	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:49:05.0102 4428	iirsp - ok
15:49:05.0227 4428	IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
15:49:05.0289 4428	IntcAzAudAddService - ok
15:49:05.0399 4428	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:49:05.0430 4428	IntcDAud - ok
15:49:05.0477 4428	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:49:05.0477 4428	intelide - ok
15:49:05.0523 4428	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:49:05.0555 4428	intelppm - ok
15:49:05.0601 4428	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:49:05.0633 4428	IpFilterDriver - ok
15:49:05.0648 4428	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:49:05.0679 4428	IPMIDRV - ok
15:49:05.0711 4428	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:49:05.0757 4428	IPNAT - ok
15:49:05.0789 4428	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:49:05.0820 4428	IRENUM - ok
15:49:05.0835 4428	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:49:05.0851 4428	isapnp - ok
15:49:05.0867 4428	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:49:05.0882 4428	iScsiPrt - ok
15:49:05.0913 4428	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:49:05.0913 4428	kbdclass - ok
15:49:05.0960 4428	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:49:05.0991 4428	kbdhid - ok
15:49:06.0038 4428	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:49:06.0038 4428	kbfiltr - ok
15:49:06.0116 4428	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:49:06.0132 4428	KSecDD - ok
15:49:06.0132 4428	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:49:06.0147 4428	KSecPkg - ok
15:49:06.0163 4428	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:49:06.0210 4428	ksthunk - ok
15:49:06.0335 4428	L1C             (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:49:06.0350 4428	L1C - ok
15:49:06.0475 4428	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:49:06.0522 4428	lltdio - ok
15:49:06.0662 4428	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:49:06.0678 4428	LSI_FC - ok
15:49:06.0709 4428	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:49:06.0725 4428	LSI_SAS - ok
15:49:06.0740 4428	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:49:06.0740 4428	LSI_SAS2 - ok
15:49:06.0756 4428	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:49:06.0771 4428	LSI_SCSI - ok
15:49:06.0803 4428	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:49:06.0834 4428	luafv - ok
15:49:06.0990 4428	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:49:07.0005 4428	MBAMProtector - ok
15:49:07.0068 4428	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:49:07.0099 4428	megasas - ok
15:49:07.0099 4428	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:49:07.0115 4428	MegaSR - ok
15:49:07.0177 4428	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
15:49:07.0193 4428	MEIx64 - ok
15:49:07.0349 4428	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:49:07.0395 4428	Modem - ok
15:49:07.0427 4428	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:49:07.0442 4428	monitor - ok
15:49:07.0536 4428	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:49:07.0551 4428	mouclass - ok
15:49:07.0598 4428	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:49:07.0629 4428	mouhid - ok
15:49:07.0645 4428	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:49:07.0645 4428	mountmgr - ok
15:49:07.0676 4428	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:49:07.0676 4428	mpio - ok
15:49:07.0692 4428	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:49:07.0754 4428	mpsdrv - ok
15:49:07.0832 4428	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:49:07.0879 4428	MRxDAV - ok
15:49:07.0926 4428	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:07.0973 4428	mrxsmb - ok
15:49:08.0004 4428	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:08.0019 4428	mrxsmb10 - ok
15:49:08.0035 4428	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:08.0066 4428	mrxsmb20 - ok
15:49:08.0129 4428	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:49:08.0129 4428	msahci - ok
15:49:08.0160 4428	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:49:08.0175 4428	msdsm - ok
15:49:08.0191 4428	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:49:08.0238 4428	Msfs - ok
15:49:08.0331 4428	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:49:08.0363 4428	mshidkmdf - ok
15:49:08.0394 4428	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:49:08.0394 4428	msisadrv - ok
15:49:08.0441 4428	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:49:08.0456 4428	MSKSSRV - ok
15:49:08.0472 4428	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:49:08.0503 4428	MSPCLOCK - ok
15:49:08.0519 4428	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:49:08.0565 4428	MSPQM - ok
15:49:08.0597 4428	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:49:08.0612 4428	MsRPC - ok
15:49:08.0628 4428	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:49:08.0628 4428	mssmbios - ok
15:49:08.0675 4428	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:49:08.0721 4428	MSTEE - ok
15:49:08.0799 4428	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:49:08.0846 4428	MTConfig - ok
15:49:08.0893 4428	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:49:08.0909 4428	Mup - ok
15:49:08.0971 4428	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:49:09.0018 4428	NativeWifiP - ok
15:49:09.0158 4428	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:49:09.0189 4428	NDIS - ok
15:49:09.0252 4428	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:49:09.0299 4428	NdisCap - ok
15:49:09.0330 4428	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:49:09.0361 4428	NdisTapi - ok
15:49:09.0377 4428	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:49:09.0408 4428	Ndisuio - ok
15:49:09.0423 4428	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:49:09.0470 4428	NdisWan - ok
15:49:09.0486 4428	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:49:09.0533 4428	NDProxy - ok
15:49:09.0611 4428	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:49:09.0673 4428	NetBIOS - ok
15:49:09.0704 4428	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:49:09.0751 4428	NetBT - ok
15:49:10.0016 4428	NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:49:10.0235 4428	NETwNs64 - ok
15:49:10.0281 4428	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:49:10.0297 4428	nfrd960 - ok
15:49:10.0328 4428	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:49:10.0375 4428	Npfs - ok
15:49:10.0391 4428	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:49:10.0422 4428	nsiproxy - ok
15:49:10.0484 4428	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:49:10.0562 4428	Ntfs - ok
15:49:10.0593 4428	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:49:10.0671 4428	Null - ok
15:49:11.0046 4428	nvlddmkm        (07ca1d99512ee5ef99e954a13f3bffa8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:49:11.0373 4428	nvlddmkm - ok
15:49:11.0436 4428	nvpciflt        (a8db9ebd9887a9820dbc1878f0301ee7) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:49:11.0436 4428	nvpciflt - ok
15:49:11.0498 4428	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:49:11.0514 4428	nvraid - ok
15:49:11.0545 4428	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:49:11.0561 4428	nvstor - ok
15:49:11.0639 4428	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:49:11.0654 4428	nv_agp - ok
15:49:11.0779 4428	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:49:11.0826 4428	ohci1394 - ok
15:49:12.0029 4428	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:49:12.0060 4428	Parport - ok
15:49:12.0231 4428	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:49:12.0247 4428	partmgr - ok
15:49:12.0294 4428	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:49:12.0309 4428	pci - ok
15:49:12.0481 4428	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:49:12.0497 4428	pciide - ok
15:49:12.0653 4428	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:49:12.0668 4428	pcmcia - ok
15:49:12.0762 4428	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:49:12.0777 4428	pcw - ok
15:49:12.0809 4428	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:49:12.0855 4428	PEAUTH - ok
15:49:13.0105 4428	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:49:13.0136 4428	PptpMiniport - ok
15:49:13.0245 4428	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:49:13.0292 4428	Processor - ok
15:49:13.0433 4428	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:49:13.0479 4428	Psched - ok
15:49:13.0635 4428	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:49:13.0698 4428	ql2300 - ok
15:49:13.0807 4428	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:49:13.0823 4428	ql40xx - ok
15:49:13.0854 4428	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:49:13.0901 4428	QWAVEdrv - ok
15:49:14.0088 4428	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:49:14.0150 4428	RasAcd - ok
15:49:14.0322 4428	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:49:14.0384 4428	RasAgileVpn - ok
15:49:14.0447 4428	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:49:14.0493 4428	Rasl2tp - ok
15:49:14.0587 4428	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:49:14.0649 4428	RasPppoe - ok
15:49:14.0837 4428	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:49:14.0883 4428	RasSstp - ok
15:49:15.0055 4428	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:49:15.0086 4428	rdbss - ok
15:49:15.0164 4428	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:49:15.0211 4428	rdpbus - ok
15:49:15.0351 4428	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:49:15.0398 4428	RDPCDD - ok
15:49:15.0429 4428	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:49:15.0476 4428	RDPENCDD - ok
15:49:15.0492 4428	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:49:15.0539 4428	RDPREFMP - ok
15:49:15.0695 4428	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:49:15.0757 4428	RDPWD - ok
15:49:15.0929 4428	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:49:15.0944 4428	rdyboost - ok
15:49:16.0147 4428	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:49:16.0178 4428	RFCOMM - ok
15:49:16.0272 4428	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:49:16.0303 4428	rspndr - ok
15:49:16.0412 4428	RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
15:49:16.0428 4428	RSUSBVSTOR - ok
15:49:16.0537 4428	RTL8167         (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:49:16.0568 4428	RTL8167 - ok
15:49:16.0615 4428	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:49:16.0631 4428	sbp2port - ok
15:49:16.0677 4428	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:49:16.0709 4428	scfilter - ok
15:49:16.0833 4428	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:49:16.0880 4428	secdrv - ok
15:49:17.0052 4428	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:49:17.0083 4428	Serenum - ok
15:49:17.0130 4428	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:49:17.0177 4428	Serial - ok
15:49:17.0317 4428	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:49:17.0348 4428	sermouse - ok
15:49:17.0411 4428	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:49:17.0457 4428	sffdisk - ok
15:49:17.0598 4428	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:49:17.0613 4428	sffp_mmc - ok
15:49:17.0645 4428	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:49:17.0691 4428	sffp_sd - ok
15:49:17.0738 4428	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:49:17.0769 4428	sfloppy - ok
15:49:17.0957 4428	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:49:17.0972 4428	SiSGbeLH - ok
15:49:18.0003 4428	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:49:18.0003 4428	SiSRaid2 - ok
15:49:18.0035 4428	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:49:18.0050 4428	SiSRaid4 - ok
15:49:18.0097 4428	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:49:18.0128 4428	Smb - ok
15:49:18.0284 4428	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:49:18.0300 4428	spldr - ok
15:49:18.0362 4428	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:49:18.0393 4428	srv - ok
15:49:18.0549 4428	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:49:18.0565 4428	srv2 - ok
15:49:18.0627 4428	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:49:18.0659 4428	srvnet - ok
15:49:18.0830 4428	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:49:18.0846 4428	stexstor - ok
15:49:18.0908 4428	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:49:18.0924 4428	swenum - ok
15:49:19.0033 4428	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:49:19.0095 4428	Tcpip - ok
15:49:19.0283 4428	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:49:19.0314 4428	TCPIP6 - ok
15:49:19.0392 4428	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:49:19.0439 4428	tcpipreg - ok
15:49:19.0485 4428	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:49:19.0517 4428	TDPIPE - ok
15:49:19.0532 4428	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:49:19.0563 4428	TDTCP - ok
15:49:19.0595 4428	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:49:19.0641 4428	tdx - ok
15:49:19.0641 4428	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:49:19.0657 4428	TermDD - ok
15:49:19.0673 4428	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:49:19.0719 4428	tssecsrv - ok
15:49:19.0891 4428	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:49:19.0938 4428	TsUsbFlt - ok
15:49:20.0016 4428	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:49:20.0047 4428	TsUsbGD - ok
15:49:20.0203 4428	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:49:20.0250 4428	tunnel - ok
15:49:20.0421 4428	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
15:49:20.0421 4428	TurboB - ok
15:49:20.0499 4428	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:49:20.0515 4428	uagp35 - ok
15:49:20.0562 4428	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:49:20.0624 4428	udfs - ok
15:49:20.0780 4428	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:49:20.0796 4428	uliagpkx - ok
15:49:20.0843 4428	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:49:20.0874 4428	umbus - ok
15:49:20.0967 4428	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:49:20.0999 4428	UmPass - ok
15:49:21.0139 4428	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:49:21.0155 4428	usbccgp - ok
15:49:21.0233 4428	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:49:21.0279 4428	usbcir - ok
15:49:21.0482 4428	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:49:21.0513 4428	usbehci - ok
15:49:21.0654 4428	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:49:21.0685 4428	usbhub - ok
15:49:21.0794 4428	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:49:21.0872 4428	usbohci - ok
15:49:22.0028 4428	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:49:22.0106 4428	usbprint - ok
15:49:22.0309 4428	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:49:22.0340 4428	usbscan - ok
15:49:22.0496 4428	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:49:22.0637 4428	USBSTOR - ok
15:49:22.0808 4428	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:49:22.0839 4428	usbuhci - ok
15:49:23.0011 4428	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:49:23.0042 4428	usbvideo - ok
15:49:23.0198 4428	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:49:23.0198 4428	vdrvroot - ok
15:49:23.0323 4428	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:49:23.0354 4428	vga - ok
15:49:23.0510 4428	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:49:23.0526 4428	VgaSave - ok
15:49:23.0666 4428	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:49:23.0682 4428	vhdmp - ok
15:49:23.0697 4428	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:49:23.0697 4428	viaide - ok
15:49:23.0744 4428	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:49:23.0744 4428	volmgr - ok
15:49:23.0760 4428	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:49:23.0775 4428	volmgrx - ok
15:49:23.0791 4428	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:49:23.0807 4428	volsnap - ok
15:49:23.0838 4428	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:49:23.0853 4428	vsmraid - ok
15:49:23.0869 4428	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:49:23.0931 4428	vwifibus - ok
15:49:23.0947 4428	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:49:23.0994 4428	vwififlt - ok
15:49:24.0025 4428	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:49:24.0056 4428	vwifimp - ok
15:49:24.0119 4428	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:49:24.0134 4428	WacomPen - ok
15:49:24.0181 4428	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:49:24.0212 4428	WANARP - ok
15:49:24.0212 4428	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:49:24.0243 4428	Wanarpv6 - ok
15:49:24.0275 4428	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:49:24.0275 4428	Wd - ok
15:49:24.0290 4428	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:49:24.0321 4428	Wdf01000 - ok
15:49:24.0337 4428	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:49:24.0368 4428	WfpLwf - ok
15:49:24.0431 4428	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:49:24.0446 4428	WimFltr - ok
15:49:24.0477 4428	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:49:24.0493 4428	WIMMount - ok
15:49:24.0555 4428	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:49:24.0587 4428	WmiAcpi - ok
15:49:24.0602 4428	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:49:24.0633 4428	ws2ifsl - ok
15:49:24.0665 4428	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:49:24.0696 4428	WudfPf - ok
15:49:24.0727 4428	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:49:24.0774 4428	WUDFRd - ok
15:49:24.0821 4428	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:49:25.0772 4428	\Device\Harddisk0\DR0 - ok
15:49:25.0803 4428	Boot (0x1200)   (036ae82573c64f4c9ff9a578b94959c4) \Device\Harddisk0\DR0\Partition0
15:49:25.0803 4428	\Device\Harddisk0\DR0\Partition0 - ok
15:49:25.0819 4428	Boot (0x1200)   (305eebfd98350ee9b4ed68f549ef2d4e) \Device\Harddisk0\DR0\Partition1
15:49:25.0819 4428	\Device\Harddisk0\DR0\Partition1 - ok
15:49:25.0819 4428	============================================================
15:49:25.0819 4428	Scan finished
15:49:25.0819 4428	============================================================
15:49:25.0835 2696	Detected object count: 0
15:49:25.0835 2696	Actual detected object count: 0
         

06.01.2012, 16:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.01.2012, 18:26   #11
katerine

Combofix Logfile:
Code:
ComboFix 12-01-06.01 - Katharina 06.01.2012  18:17:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2445 [GMT 1:00]
ausgeführt von:: c:\users\Katharina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
c:\programdata\FullRemove.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 17:20 . 2012-01-06 17:20	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-01-06 17:20 . 2012-01-06 17:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-06 17:08 . 2012-01-06 17:08	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0ABBB01-42F2-4609-934E-33D6FCEDAA15}\offreg.dll
2012-01-06 14:46 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0ABBB01-42F2-4609-934E-33D6FCEDAA15}\mpengine.dll
2012-01-04 22:10 . 2012-01-04 22:10	--------	d-----w-	C:\_OTL
2012-01-02 17:59 . 2012-01-02 17:59	--------	d-----w-	c:\program files (x86)\ESET
2012-01-02 17:00 . 2012-01-02 17:00	--------	d-----w-	c:\users\Katharina\AppData\Roaming\Malwarebytes
2012-01-02 17:00 . 2012-01-02 17:00	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-02 17:00 . 2012-01-02 17:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 17:00 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-20 20:08 . 2011-11-28 17:53	304472	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-20 20:08 . 2011-11-28 17:51	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-20 20:08 . 2011-11-28 17:52	42328	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-20 20:08 . 2011-11-28 17:54	591192	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-20 20:08 . 2011-11-28 17:52	58712	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-20 20:08 . 2011-11-28 18:01	256960	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-20 20:08 . 2011-11-28 17:52	66904	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-12-20 20:08 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-20 20:08 . 2011-11-28 18:01	199816	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-12-20 20:08 . 2012-01-04 19:53	--------	d-----w-	c:\program files\Avast
2011-12-20 20:08 . 2011-12-20 20:08	--------	d-----w-	c:\programdata\AVAST Software
2011-12-17 08:36 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-17 08:36 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 08:36 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-17 08:36 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-17 08:35 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-17 08:35 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-12 18:27 . 2011-12-27 08:47	--------	d-----w-	c:\program files (x86)\Mobile Partner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 17:06 . 2011-10-05 13:54	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-11-15 13:29 . 2011-10-05 14:16	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-10-22 18:57 . 2011-10-22 18:57	57344	----a-r-	c:\users\Katharina\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-05-30 17:06 . 2011-10-24 12:19	99840	----a-w-	c:\program files\Default.SFX
2011-05-30 17:06 . 2011-10-24 12:19	79872	----a-w-	c:\program files\Zip.SFX
2011-05-30 17:06 . 2011-10-24 12:19	73728	----a-w-	c:\program files\WinCon.SFX
2011-05-30 17:06 . 2011-10-24 12:19	135814	----a-w-	c:\program files\Default64.SFX
2011-05-30 17:06 . 2011-10-24 12:19	106118	----a-w-	c:\program files\Zip64.SFX
2011-05-30 17:06 . 2011-10-24 12:19	102864	----a-w-	c:\program files\WinCon64.SFX
2011-05-28 20:05 . 2011-10-24 12:19	164864	----a-w-	c:\program files\RarExt.dll
2011-05-28 20:04 . 2011-10-24 12:19	140288	----a-w-	c:\program files\RarExt32.dll
2011-05-28 20:03 . 2011-10-24 12:19	276992	----a-w-	c:\program files\UnRAR.exe
2011-05-28 20:03 . 2011-10-24 12:19	417792	----a-w-	c:\program files\Rar.exe
2011-05-28 20:03 . 2011-10-24 12:19	1163264	----a-w-	c:\program files\WinRAR.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"avast"="c:\program files\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-21 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	134384	----a-w-	c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\xa4gk336.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-06  18:23:11
ComboFix-quarantined-files.txt  2012-01-06 17:23
.
Vor Suchlauf: 10 Verzeichnis(se), 217.635.430.400 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 217.124.511.744 Bytes frei
.
- - End Of File - - 3C208E37E3F46562E4EA2708081BDC0B
         
--- --- ---

06.01.2012, 19:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

07.01.2012, 13:56   #13
katerine

Code:
 aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 13:30:57
-----------------------------
13:30:57.268    OS Version: Windows x64 6.1.7601 Service Pack 1
13:30:57.268    Number of processors: 4 586 0x2A07
13:30:57.268    ComputerName: KATHARINASPC  UserName: Katharina
13:30:58.282    Initialize success
13:30:58.687    AVAST engine defs: 12010700
13:31:09.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:31:09.140    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
13:31:09.140    Disk 0 MBR read successfully
13:31:09.156    Disk 0 MBR scan
13:31:09.156    Disk 0 Windows 7 default MBR code
13:31:09.156    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
13:31:09.172    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       260473 MB offset 52430848
13:31:09.172    Disk 0 Partition - 00     0F Extended LBA            324406 MB offset 585879552
13:31:09.203    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       324405 MB offset 585881600
13:31:09.218    Service scanning
13:31:10.607    Modules scanning
13:31:10.607    Disk 0 trace - called modules:
13:31:10.622    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
13:31:11.137    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050e3060]
13:31:11.137    3 CLASSPNP.SYS[fffff88001ba443f] -> nt!IofCallDriver -> [0xfffffa8004ac1ac0]
13:31:11.153    5 ACPI.sys[fffff88000eeb7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac5050]
13:31:11.792    AVAST engine scan C:\Windows
13:31:13.976    AVAST engine scan C:\Windows\system32
13:31:52.540    AVAST engine scan C:\Windows\system32\drivers
13:31:57.298    AVAST engine scan C:\Users\Katharina
13:33:33.472    AVAST engine scan C:\ProgramData
13:34:07.464    Scan finished successfully
13:55:16.512    Disk 0 MBR has been saved successfully to "C:\Users\Katharina\Desktop\MBR.dat"
13:55:16.512    The log file has been saved successfully to "C:\Users\Katharina\Desktop\logaswMBR.txt"
         

07.01.2012, 16:01   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


11.01.2012, 08:33   #15
katerine

Hello Arne,
here are the three logs: Super Anti Spyware seems to have found something else.
If you have accidentally plugged an infected device back in, is the PC automatically infected again, or only once you have clicked the shortcut?

Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINASPC [Administrator]

Schutz: Aktiviert

08.01.2012 19:35:37
mbam-log-2012-01-08 (19-35-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353867
Laufzeit: 41 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/08/2012 at 11:00 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type       : Complete Scan
Total Scan Time : 01:51:38

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 715
Memory threats detected   : 0
Registry items scanned    : 74529
Registry threats detected : 0
File items scanned        : 145934
File threats detected     : 416

Adware.Tracking Cookie
	C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Cookies\7GGLVG6J.txt [ /doubleclick.net ]
	C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Cookies\649KWCBS.txt [ /atdmt.com ]
	C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Cookies\HXLVEHBC.txt [ /c.atdmt.com ]
	C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Cookies\0176NXOF.txt [ /invitemedia.com ]
	C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Cookies\MZHNA09Q.txt [ /ad.yieldmanager.com ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@adx.chip[1].txt [ Cookie:katharina@adx.chip.de/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@specificclick[1].txt [ Cookie:katharina@specificclick.net/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@zanox[1].txt [ Cookie:katharina@zanox.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@doubleclick[1].txt [ Cookie:katharina@doubleclick.net/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\TWTQS509.txt [ Cookie:katharina@atdmt.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@tracking.mlsat02[1].txt [ Cookie:katharina@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@tradedoubler[1].txt [ Cookie:katharina@tradedoubler.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C1LIAR85.txt [ Cookie:katharina@c.atdmt.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@ad.zanox[2].txt [ Cookie:katharina@ad.zanox.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@apmebf[1].txt [ Cookie:katharina@apmebf.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@serving-sys[2].txt [ Cookie:katharina@serving-sys.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@bs.serving-sys[2].txt [ Cookie:katharina@bs.serving-sys.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@questionmarket[1].txt [ Cookie:katharina@questionmarket.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@statse.webtrendslive[1].txt [ Cookie:katharina@statse.webtrendslive.com/ ]
	C:\USERS\KATHARINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\katharina@traffictrack[1].txt [ Cookie:katharina@traffictrack.de/ ]
	C:\USERS\KATHARINA\Cookies\7GGLVG6J.txt [ Cookie:katharina@doubleclick.net/ ]
	C:\USERS\KATHARINA\Cookies\649KWCBS.txt [ Cookie:katharina@atdmt.com/ ]
	C:\USERS\KATHARINA\Cookies\HXLVEHBC.txt [ Cookie:katharina@c.atdmt.com/ ]
	C:\USERS\KATHARINA\Cookies\0176NXOF.txt [ Cookie:katharina@invitemedia.com/ ]
	C:\USERS\KATHARINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHARINA@GOOGLEADS.G.DOUBLECLICK[2].TXT [ /GOOGLEADS.G.DOUBLECLICK ]
	C:\USERS\KATHARINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHARINA@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
	.fastclick.net [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XA4GK336.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
	C:\USERS\KATHARINA\DOWNLOADS\SOFTONICDOWNLOADER_FUER_NIKON-CAPTURE-NX.EXE
         
Code:
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bc92d30135d2c49b6aeb498208c022b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 07:19:16
# local_time=2012-01-02 08:19:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 201 77157282 0 0
# compatibility_mode=8192 67108863 100 0 275 275 0 0
# scanned=209209
# found=1
# cleaned=0
# scan_time=4566
C:\Users\Katharina\Downloads\SoftonicDownloader_fuer_nikon-capture-nx.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bc92d30135d2c49b6aeb498208c022b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 11:11:28
# local_time=2012-01-09 12:11:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 215 77690688 0 0
# compatibility_mode=8192 67108863 100 0 533681 533681 0 0
# scanned=166381
# found=0
# cleaned=0
# scan_time=3492
         
