
Log analysis and evaluation: Removing Live Security Platinum

11.08.2012, 18:48   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4112322236-3011114634-1874071500-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-4112322236-3011114634-1874071500-1000..\Run: [Pyixix] C:\Users\Saiken\AppData\Roaming\Haxe\itnef.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-4112322236-3011114634-1874071500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
:Files
C:\ProgramData\7067855903044CBBA1635619F875F002
C:\Users\Saiken\AppData\Roaming\Ruepu
C:\Users\Saiken\AppData\Roaming\Haxe
C:\Users\Saiken\AppData\Roaming\Asyp
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\pdfforge Toolbar
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\U
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\l
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\n
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

12.08.2012, 10:51   #17
Saiken
 



Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4112322236-3011114634-1874071500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4112322236-3011114634-1874071500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pyixix deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4112322236-3011114634-1874071500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
========== FILES ==========
C:\ProgramData\7067855903044CBBA1635619F875F002 folder moved successfully.
C:\Users\Saiken\AppData\Roaming\Ruepu folder moved successfully.
C:\Users\Saiken\AppData\Roaming\Haxe folder moved successfully.
C:\Users\Saiken\AppData\Roaming\Asyp folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\U folder moved successfully.
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\L folder moved successfully.
File\Folder C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\n not found.
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Saiken
->Temp folder emptied: 234756063 bytes
->Temporary Internet Files folder emptied: 210085676 bytes
->FireFox cache emptied: 68020994 bytes
->Google Chrome cache emptied: 6714827 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1268 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5228 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94643107 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 62366516 bytes
RecycleBin emptied: 91379092 bytes
 
Total Files Cleaned = 732,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Saiken
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.56.0 log created on 08122012_114344

Files\Folders moved on Reboot...
C:\Users\Saiken\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Saiken\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
__________________
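
Added example, not part of the original thread and not OTL's own code: a Python check that reconciles the `:Files` entries of the fix script in post #16 with the FILES section of the log in post #17, so that entries reported as not found, or never processed at all, stand out. The line formats are assumed from the excerpts in these two posts, and the function names (`script_files`, `log_file_results`, `reconcile`, `unresolved`) are hypothetical.

```python
import re

# Excerpts copied from the fix script (post #16) and the fix log (post #17).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: []  File not found
:Files
C:\ProgramData\7067855903044CBBA1635619F875F002
C:\Users\Saiken\AppData\Roaming\Haxe
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Program Files (x86)\Common Files\Spigot
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\l
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\n
:Commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\ProgramData\7067855903044CBBA1635619F875F002 folder moved successfully.
C:\Users\Saiken\AppData\Roaming\Haxe folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Saiken\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\L folder moved successfully.
File\Folder C:\Windows\Installer\{f02db07d-0321-17b8-1df1-89547b553cef}\n not found.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
MISSING_RE = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.rstrip("\\").casefold()


def script_files(script):
    """Return the paths listed under the :Files directive of a fix script."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # Any directive line switches section; only :Files is collected.
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def log_file_results(log):
    """Map normalised path -> 'moved' or 'not found' from the FILES section."""
    results, section = {}, None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).upper()
            continue
        if section != "FILES" or not line:
            continue
        missing = MISSING_RE.match(line)
        if missing:
            results[norm(missing.group("path"))] = "not found"
            continue
        moved = MOVED_RE.match(line)
        if moved:
            results[norm(moved.group("path"))] = "moved"
    return results


def reconcile(script, log):
    """For every path requested in the script, report what the log says."""
    results = log_file_results(log)
    return {p: results.get(norm(p), "no log line") for p in script_files(script)}


def unresolved(report):
    """Paths that were not moved and therefore deserve a second look."""
    return [path for path, status in report.items() if status != "moved"]


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {path}")
```

A "not found" result only means the path did not exist when the fix ran; "no log line" means the log has no record of that entry being processed at all.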


12.08.2012, 14:03   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________

12.08.2012, 18:26   #19
Saiken
 



Code:
19:17:10.0171 4568	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:17:10.0354 4568	============================================================
19:17:10.0354 4568	Current date / time: 2012/08/12 19:17:10.0354
19:17:10.0355 4568	SystemInfo:
19:17:10.0355 4568	
19:17:10.0355 4568	OS Version: 6.1.7601 ServicePack: 1.0
19:17:10.0355 4568	Product type: Workstation
19:17:10.0355 4568	ComputerName: SAIKENS-BABY
19:17:10.0355 4568	UserName: Saiken
19:17:10.0355 4568	Windows directory: C:\windows
19:17:10.0356 4568	System windows directory: C:\windows
19:17:10.0356 4568	Running under WOW64
19:17:10.0356 4568	Processor architecture: Intel x64
19:17:10.0356 4568	Number of processors: 3
19:17:10.0356 4568	Page size: 0x1000
19:17:10.0356 4568	Boot type: Normal boot
19:17:10.0356 4568	============================================================
19:17:12.0164 4568	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:12.0168 4568	============================================================
19:17:12.0168 4568	\Device\Harddisk0\DR0:
19:17:12.0168 4568	MBR partitions:
19:17:12.0168 4568	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:17:12.0168 4568	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
19:17:12.0199 4568	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
19:17:12.0199 4568	============================================================
19:17:12.0235 4568	C: <-> \Device\Harddisk0\DR0\Partition1
19:17:12.0281 4568	D: <-> \Device\Harddisk0\DR0\Partition2
19:17:12.0282 4568	============================================================
19:17:12.0282 4568	Initialize success
19:17:12.0282 4568	============================================================
19:19:36.0741 4056	============================================================
19:19:36.0741 4056	Scan started
19:19:36.0741 4056	Mode: Manual; SigCheck; TDLFS; 
19:19:36.0741 4056	============================================================
19:19:37.0599 4056	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:19:37.0740 4056	1394ohci - ok
19:19:37.0771 4056	acedrv05        (056faaff049ca7237194065423307189) C:\windows\system32\drivers\acedrv05.sys
19:19:37.0802 4056	acedrv05 ( UnsignedFile.Multi.Generic ) - warning
19:19:37.0802 4056	acedrv05 - detected UnsignedFile.Multi.Generic (1)
19:19:37.0849 4056	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:19:37.0896 4056	ACPI - ok
19:19:37.0927 4056	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:19:38.0036 4056	AcpiPmi - ok
19:19:38.0067 4056	ACPIVPC         (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
19:19:38.0099 4056	ACPIVPC - ok
19:19:38.0239 4056	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:19:38.0270 4056	AdobeARMservice - ok
19:19:38.0473 4056	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:19:38.0504 4056	AdobeFlashPlayerUpdateSvc - ok
19:19:38.0582 4056	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:19:38.0629 4056	adp94xx - ok
19:19:38.0691 4056	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:19:38.0738 4056	adpahci - ok
19:19:38.0785 4056	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:19:38.0816 4056	adpu320 - ok
19:19:38.0847 4056	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
19:19:39.0019 4056	AeLookupSvc - ok
19:19:39.0113 4056	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
19:19:39.0222 4056	AFD - ok
19:19:39.0315 4056	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:19:39.0347 4056	agp440 - ok
19:19:39.0659 4056	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
19:19:39.0705 4056	ALG - ok
19:19:39.0752 4056	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:19:39.0783 4056	aliide - ok
19:19:39.0846 4056	AMD External Events Utility (b4143cb1dd16ae73c6177c72f33450a6) C:\windows\system32\atiesrxx.exe
19:19:39.0908 4056	AMD External Events Utility - ok
19:19:39.0924 4056	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:19:39.0955 4056	amdide - ok
19:19:40.0002 4056	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:19:40.0080 4056	AmdK8 - ok
19:19:40.0595 4056	amdkmdag        (d1d06810bf7e21f5763eb06cb7e7262b) C:\windows\system32\DRIVERS\atipmdag.sys
19:19:40.0829 4056	amdkmdag - ok
19:19:41.0000 4056	amdkmdap        (6ba71d6616b56816e57394d77dd1bb6f) C:\windows\system32\DRIVERS\atikmpag.sys
19:19:41.0063 4056	amdkmdap - ok
19:19:41.0125 4056	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:19:41.0172 4056	AmdPPM - ok
19:19:41.0234 4056	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:19:41.0265 4056	amdsata - ok
19:19:41.0312 4056	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:19:41.0343 4056	amdsbs - ok
19:19:41.0359 4056	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:19:41.0390 4056	amdxata - ok
19:19:41.0453 4056	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:19:41.0655 4056	AppID - ok
19:19:41.0687 4056	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
19:19:41.0796 4056	AppIDSvc - ok
19:19:41.0874 4056	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
19:19:41.0952 4056	Appinfo - ok
19:19:41.0999 4056	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:19:42.0014 4056	arc - ok
19:19:42.0045 4056	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:19:42.0061 4056	arcsas - ok
19:19:42.0092 4056	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:19:42.0155 4056	AsyncMac - ok
19:19:42.0170 4056	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:19:42.0201 4056	atapi - ok
19:19:42.0248 4056	AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\windows\system32\DRIVERS\AtiPcie.sys
19:19:42.0248 4056	AtiPcie - ok
19:19:42.0357 4056	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:19:42.0482 4056	AudioEndpointBuilder - ok
19:19:42.0498 4056	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:19:42.0545 4056	AudioSrv - ok
19:19:42.0623 4056	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
19:19:42.0685 4056	AxInstSV - ok
19:19:42.0763 4056	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:19:42.0810 4056	b06bdrv - ok
19:19:42.0857 4056	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:19:42.0935 4056	b57nd60a - ok
19:19:43.0044 4056	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:19:43.0075 4056	BBSvc - ok
19:19:43.0137 4056	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:19:43.0169 4056	BBUpdate - ok
19:19:43.0434 4056	BCM43XX         (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys
19:19:43.0481 4056	BCM43XX - ok
19:19:43.0621 4056	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
19:19:43.0652 4056	BDESVC - ok
19:19:43.0715 4056	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:19:43.0824 4056	Beep - ok
19:19:43.0855 4056	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:19:43.0902 4056	blbdrive - ok
19:19:43.0964 4056	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:19:43.0995 4056	bowser - ok
19:19:44.0027 4056	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:19:44.0151 4056	BrFiltLo - ok
19:19:44.0167 4056	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:19:44.0198 4056	BrFiltUp - ok
19:19:44.0245 4056	Bridge0         (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
19:19:44.0261 4056	Bridge0 - ok
19:19:44.0323 4056	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
19:19:44.0432 4056	Browser - ok
19:19:44.0463 4056	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:19:44.0510 4056	Brserid - ok
19:19:44.0526 4056	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:19:44.0557 4056	BrSerWdm - ok
19:19:44.0573 4056	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:19:44.0619 4056	BrUsbMdm - ok
19:19:44.0635 4056	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:19:44.0666 4056	BrUsbSer - ok
19:19:44.0838 4056	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
19:19:44.0916 4056	BthEnum - ok
19:19:44.0931 4056	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:19:44.0978 4056	BTHMODEM - ok
19:19:45.0009 4056	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
19:19:45.0056 4056	BthPan - ok
19:19:45.0134 4056	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
19:19:45.0197 4056	BTHPORT - ok
19:19:45.0228 4056	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
19:19:45.0321 4056	bthserv - ok
19:19:45.0368 4056	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
19:19:45.0399 4056	BTHUSB - ok
19:19:45.0431 4056	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:19:45.0509 4056	cdfs - ok
19:19:45.0555 4056	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:19:45.0618 4056	cdrom - ok
19:19:45.0696 4056	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:19:45.0805 4056	CertPropSvc - ok
19:19:45.0836 4056	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:19:45.0914 4056	circlass - ok
19:19:45.0977 4056	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:19:46.0008 4056	CLFS - ok
19:19:46.0086 4056	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:19:46.0117 4056	clr_optimization_v2.0.50727_32 - ok
19:19:46.0148 4056	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:19:46.0179 4056	clr_optimization_v2.0.50727_64 - ok
19:19:46.0257 4056	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:19:46.0289 4056	clr_optimization_v4.0.30319_32 - ok
19:19:46.0320 4056	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:19:46.0351 4056	clr_optimization_v4.0.30319_64 - ok
19:19:46.0398 4056	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:19:46.0429 4056	CmBatt - ok
19:19:46.0476 4056	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:19:46.0491 4056	cmdide - ok
19:19:46.0569 4056	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
19:19:46.0632 4056	CNG - ok
19:19:46.0663 4056	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:19:46.0694 4056	Compbatt - ok
19:19:46.0741 4056	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:19:46.0788 4056	CompositeBus - ok
19:19:46.0819 4056	COMSysApp - ok
19:19:46.0835 4056	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:19:46.0866 4056	crcdisk - ok
19:19:46.0944 4056	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
19:19:47.0006 4056	CryptSvc - ok
19:19:47.0193 4056	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:19:47.0240 4056	cvhsvc - ok
19:19:47.0303 4056	dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
19:19:47.0381 4056	dc3d - ok
19:19:47.0490 4056	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:19:47.0599 4056	DcomLaunch - ok
19:19:47.0630 4056	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:19:47.0708 4056	defragsvc - ok
19:19:47.0755 4056	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:19:47.0817 4056	DfsC - ok
19:19:47.0895 4056	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:19:47.0989 4056	Dhcp - ok
19:19:48.0020 4056	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:19:48.0083 4056	discache - ok
19:19:48.0129 4056	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:19:48.0161 4056	Disk - ok
19:19:48.0223 4056	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:19:48.0270 4056	Dnscache - ok
19:19:48.0317 4056	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:19:48.0426 4056	dot3svc - ok
19:19:48.0504 4056	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
19:19:48.0551 4056	Dot4 - ok
19:19:48.0597 4056	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys
19:19:48.0660 4056	Dot4Print - ok
19:19:48.0691 4056	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
19:19:48.0738 4056	dot4usb - ok
19:19:48.0785 4056	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:19:48.0878 4056	DPS - ok
19:19:48.0894 4056	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:19:48.0941 4056	drmkaud - ok
19:19:49.0065 4056	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:19:49.0112 4056	DXGKrnl - ok
19:19:49.0143 4056	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:19:49.0206 4056	EapHost - ok
19:19:49.0487 4056	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:19:49.0611 4056	ebdrv - ok
19:19:49.0721 4056	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:19:49.0783 4056	EFS - ok
19:19:49.0955 4056	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:19:50.0017 4056	ehRecvr - ok
19:19:50.0048 4056	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:19:50.0079 4056	ehSched - ok
19:19:50.0189 4056	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:19:50.0235 4056	elxstor - ok
19:19:50.0251 4056	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:19:50.0282 4056	ErrDev - ok
19:19:50.0329 4056	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:19:50.0407 4056	EventSystem - ok
19:19:50.0438 4056	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:19:50.0532 4056	exfat - ok
19:19:50.0563 4056	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:19:50.0641 4056	fastfat - ok
19:19:50.0750 4056	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:19:50.0813 4056	Fax - ok
19:19:50.0859 4056	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:19:50.0891 4056	fdc - ok
19:19:50.0922 4056	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:19:51.0000 4056	fdPHost - ok
19:19:51.0015 4056	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:19:51.0078 4056	FDResPub - ok
19:19:51.0093 4056	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:19:51.0109 4056	FileInfo - ok
19:19:51.0125 4056	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:19:51.0171 4056	Filetrace - ok
19:19:51.0203 4056	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:19:51.0218 4056	flpydisk - ok
19:19:51.0281 4056	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:19:51.0327 4056	FltMgr - ok
19:19:51.0452 4056	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:19:51.0530 4056	FontCache - ok
19:19:51.0639 4056	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:19:51.0655 4056	FontCache3.0.0.0 - ok
19:19:51.0702 4056	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:19:51.0733 4056	FsDepends - ok
19:19:51.0780 4056	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:19:51.0795 4056	Fs_Rec - ok
19:19:51.0873 4056	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:19:51.0920 4056	fvevol - ok
19:19:51.0936 4056	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:19:51.0967 4056	gagp30kx - ok
19:19:52.0061 4056	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:19:52.0170 4056	gpsvc - ok
19:19:52.0232 4056	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:19:52.0263 4056	gupdate - ok
19:19:52.0279 4056	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:19:52.0310 4056	gupdatem - ok
19:19:52.0388 4056	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:19:52.0419 4056	gusvc - ok
19:19:52.0435 4056	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:19:52.0466 4056	hcw85cir - ok
19:19:52.0544 4056	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:19:52.0607 4056	HdAudAddService - ok
19:19:52.0653 4056	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:19:52.0700 4056	HDAudBus - ok
19:19:52.0747 4056	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:19:52.0778 4056	HidBatt - ok
19:19:52.0809 4056	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:19:52.0841 4056	HidBth - ok
19:19:52.0872 4056	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:19:52.0919 4056	HidIr - ok
19:19:52.0950 4056	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
19:19:53.0059 4056	hidserv - ok
19:19:53.0121 4056	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:19:53.0153 4056	HidUsb - ok
19:19:53.0199 4056	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:19:53.0309 4056	hkmsvc - ok
19:19:53.0355 4056	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:19:53.0402 4056	HomeGroupListener - ok
19:19:53.0449 4056	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:19:53.0496 4056	HomeGroupProvider - ok
19:19:53.0667 4056	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:19:53.0699 4056	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:19:53.0699 4056	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:19:53.0761 4056	hpqddsvc        (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:19:53.0777 4056	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:19:53.0777 4056	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:19:53.0823 4056	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:19:53.0855 4056	HpSAMD - ok
19:19:53.0964 4056	HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:19:54.0026 4056	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
19:19:54.0026 4056	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
19:19:54.0135 4056	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:19:54.0245 4056	HTTP - ok
19:19:54.0276 4056	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:19:54.0307 4056	hwpolicy - ok
19:19:54.0369 4056	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:19:54.0401 4056	i8042prt - ok
19:19:54.0479 4056	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:19:54.0525 4056	iaStorV - ok
19:19:54.0713 4056	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:19:54.0759 4056	idsvc - ok
19:19:55.0181 4056	igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
19:19:55.0399 4056	igfx - ok
19:19:55.0539 4056	IGRS            (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
19:19:55.0571 4056	IGRS - ok
19:19:55.0695 4056	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:19:55.0727 4056	iirsp - ok
19:19:55.0851 4056	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:19:55.0992 4056	IKEEXT - ok
19:19:56.0226 4056	IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\windows\system32\drivers\RTKVHD64.sys
19:19:56.0288 4056	IntcAzAudAddService - ok
19:19:56.0397 4056	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:19:56.0429 4056	intelide - ok
19:19:56.0475 4056	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:19:56.0507 4056	intelppm - ok
19:19:56.0538 4056	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:19:56.0616 4056	IPBusEnum - ok
19:19:56.0678 4056	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:19:56.0756 4056	IpFilterDriver - ok
19:19:56.0787 4056	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:19:56.0850 4056	IPMIDRV - ok
19:19:56.0928 4056	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:19:56.0990 4056	IPNAT - ok
19:19:57.0021 4056	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:19:57.0115 4056	IRENUM - ok
19:19:57.0131 4056	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:19:57.0146 4056	isapnp - ok
19:19:57.0193 4056	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:19:57.0240 4056	iScsiPrt - ok
19:19:57.0302 4056	k57nd60a        (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
19:19:57.0333 4056	k57nd60a - ok
19:19:57.0380 4056	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:19:57.0411 4056	kbdclass - ok
19:19:57.0458 4056	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
19:19:57.0505 4056	kbdhid - ok
19:19:57.0552 4056	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:19:57.0567 4056	KeyIso - ok
19:19:57.0630 4056	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
19:19:57.0645 4056	KSecDD - ok
19:19:57.0708 4056	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
19:19:57.0739 4056	KSecPkg - ok
19:19:57.0770 4056	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:19:57.0848 4056	ksthunk - ok
19:19:57.0911 4056	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:19:58.0004 4056	KtmRm - ok
19:19:58.0067 4056	L1C             (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
19:19:58.0082 4056	L1C - ok
19:19:58.0176 4056	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
19:19:58.0269 4056	LanmanServer - ok
19:19:58.0316 4056	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:19:58.0410 4056	LanmanWorkstation - ok
19:19:58.0535 4056	Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
19:19:58.0566 4056	Lenovo ReadyComm AppSvc - ok
19:19:58.0613 4056	Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
19:19:58.0644 4056	Lenovo ReadyComm ConnSvc - ok
19:19:58.0737 4056	lgmcbus         (13424eaf5c4cb5bab7a2d283cb4904fd) C:\windows\system32\DRIVERS\lgmcbus.sys
19:19:58.0753 4056	lgmcbus - ok
19:19:58.0800 4056	lgmcmdfl        (d4bba6bd8d44baffe8b6ee4036e79248) C:\windows\system32\DRIVERS\lgmcmdfl.sys
19:19:58.0815 4056	lgmcmdfl - ok
19:19:58.0847 4056	lgmcmdm         (2241984e3c04fd7c43d57d89d379a6d8) C:\windows\system32\DRIVERS\lgmcmdm.sys
19:19:58.0878 4056	lgmcmdm - ok
19:19:58.0893 4056	lgmcmgmt        (44b32ad57019853a86faaf310b58c818) C:\windows\system32\DRIVERS\lgmcmgmt.sys
19:19:58.0909 4056	lgmcmgmt - ok
19:19:58.0940 4056	lgmcnd5         (a6c32671fe8d2a34c9cb136765a57d51) C:\windows\system32\DRIVERS\lgmcnd5.sys
19:19:58.0956 4056	lgmcnd5 - ok
19:19:58.0987 4056	lgmcobex        (a12586fad733a117faeee17081d267bb) C:\windows\system32\DRIVERS\lgmcobex.sys
19:19:59.0018 4056	lgmcobex - ok
19:19:59.0034 4056	lgmcunic        (0adf858b34be72daf81d9a2cc46f7fdb) C:\windows\system32\DRIVERS\lgmcunic.sys
19:19:59.0049 4056	lgmcunic - ok
19:19:59.0112 4056	LHDmgr          (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
19:19:59.0143 4056	LHDmgr - ok
19:19:59.0174 4056	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:19:59.0268 4056	lltdio - ok
19:19:59.0346 4056	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:19:59.0439 4056	lltdsvc - ok
19:19:59.0455 4056	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:19:59.0502 4056	lmhosts - ok
19:19:59.0549 4056	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:19:59.0564 4056	LSI_FC - ok
19:19:59.0580 4056	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:19:59.0595 4056	LSI_SAS - ok
19:19:59.0627 4056	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:19:59.0642 4056	LSI_SAS2 - ok
19:19:59.0642 4056	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:19:59.0658 4056	LSI_SCSI - ok
19:19:59.0673 4056	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:19:59.0736 4056	luafv - ok
19:19:59.0767 4056	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:19:59.0814 4056	Mcx2Svc - ok
19:19:59.0829 4056	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:19:59.0845 4056	megasas - ok
19:19:59.0907 4056	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:19:59.0939 4056	MegaSR - ok
19:19:59.0970 4056	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:20:00.0079 4056	MMCSS - ok
19:20:00.0095 4056	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:20:00.0141 4056	Modem - ok
19:20:00.0173 4056	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:20:00.0204 4056	monitor - ok
19:20:00.0235 4056	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:20:00.0266 4056	mouclass - ok
19:20:00.0313 4056	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:20:00.0344 4056	mouhid - ok
19:20:00.0407 4056	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:20:00.0438 4056	mountmgr - ok
19:20:00.0547 4056	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:20:00.0563 4056	MozillaMaintenance - ok
19:20:00.0656 4056	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
19:20:00.0687 4056	MpFilter - ok
19:20:00.0734 4056	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:20:00.0765 4056	mpio - ok
19:20:00.0797 4056	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:20:00.0890 4056	mpsdrv - ok
19:20:00.0937 4056	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:20:00.0984 4056	MRxDAV - ok
19:20:01.0031 4056	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:20:01.0109 4056	mrxsmb - ok
19:20:01.0171 4056	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:20:01.0218 4056	mrxsmb10 - ok
19:20:01.0233 4056	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:20:01.0265 4056	mrxsmb20 - ok
19:20:01.0296 4056	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:20:01.0311 4056	msahci - ok
19:20:01.0343 4056	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:20:01.0389 4056	msdsm - ok
19:20:01.0421 4056	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:20:01.0467 4056	MSDTC - ok
19:20:01.0514 4056	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:20:01.0577 4056	Msfs - ok
19:20:01.0592 4056	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:20:01.0655 4056	mshidkmdf - ok
19:20:01.0686 4056	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:20:01.0701 4056	msisadrv - ok
19:20:01.0748 4056	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:20:01.0826 4056	MSiSCSI - ok
19:20:01.0826 4056	msiserver - ok
19:20:01.0873 4056	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:20:01.0920 4056	MSKSSRV - ok
19:20:02.0013 4056	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:20:02.0029 4056	MsMpSvc - ok
19:20:02.0076 4056	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:20:02.0138 4056	MSPCLOCK - ok
19:20:02.0154 4056	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:20:02.0247 4056	MSPQM - ok
19:20:02.0310 4056	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:20:02.0357 4056	MsRPC - ok
19:20:02.0388 4056	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:20:02.0419 4056	mssmbios - ok
19:20:02.0450 4056	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:20:02.0544 4056	MSTEE - ok
19:20:02.0559 4056	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:20:02.0575 4056	MTConfig - ok
19:20:02.0622 4056	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:20:02.0637 4056	Mup - ok
19:20:02.0731 4056	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:20:02.0856 4056	napagent - ok
19:20:02.0918 4056	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:20:02.0965 4056	NativeWifiP - ok
19:20:03.0121 4056	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:20:03.0168 4056	NDIS - ok
19:20:03.0215 4056	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:20:03.0293 4056	NdisCap - ok
19:20:03.0324 4056	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:20:03.0371 4056	NdisTapi - ok
19:20:03.0417 4056	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:20:03.0511 4056	Ndisuio - ok
19:20:03.0558 4056	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:20:03.0636 4056	NdisWan - ok
19:20:03.0683 4056	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:20:03.0776 4056	NDProxy - ok
19:20:03.0870 4056	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
19:20:03.0885 4056	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:20:03.0885 4056	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:20:03.0932 4056	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:20:04.0010 4056	NetBIOS - ok
19:20:04.0073 4056	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:20:04.0182 4056	NetBT - ok
19:20:04.0213 4056	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:20:04.0244 4056	Netlogon - ok
19:20:04.0307 4056	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:20:04.0416 4056	Netman - ok
19:20:04.0463 4056	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:20:04.0525 4056	netprofm - ok
19:20:04.0587 4056	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:20:04.0619 4056	NetTcpPortSharing - ok
19:20:05.0087 4056	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
19:20:05.0305 4056	netw5v64 - ok
19:20:05.0461 4056	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:20:05.0492 4056	nfrd960 - ok
19:20:05.0555 4056	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:20:05.0586 4056	NisDrv - ok
19:20:05.0633 4056	NisSrv - ok
19:20:05.0726 4056	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:20:05.0820 4056	NlaSvc - ok
19:20:05.0851 4056	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:20:05.0913 4056	Npfs - ok
19:20:05.0929 4056	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:20:06.0007 4056	nsi - ok
19:20:06.0038 4056	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:20:06.0116 4056	nsiproxy - ok
19:20:06.0288 4056	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:20:06.0381 4056	Ntfs - ok
19:20:06.0553 4056	NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\windows\system32\DRIVERS\NuidFltr.sys
19:20:06.0569 4056	NuidFltr - ok
19:20:06.0600 4056	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:20:06.0662 4056	Null - ok
19:20:06.0709 4056	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:20:06.0740 4056	nvraid - ok
19:20:06.0771 4056	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:20:06.0803 4056	nvstor - ok
19:20:06.0834 4056	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:20:06.0865 4056	nv_agp - ok
19:20:06.0896 4056	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:20:06.0943 4056	ohci1394 - ok
19:20:07.0037 4056	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:20:07.0052 4056	ose - ok
19:20:07.0442 4056	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:20:07.0645 4056	osppsvc - ok
19:20:07.0770 4056	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:20:07.0817 4056	p2pimsvc - ok
19:20:07.0863 4056	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:20:07.0910 4056	p2psvc - ok
19:20:07.0973 4056	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:20:08.0004 4056	Parport - ok
19:20:08.0051 4056	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:20:08.0082 4056	partmgr - ok
19:20:08.0129 4056	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:20:08.0175 4056	PcaSvc - ok
19:20:08.0222 4056	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:20:08.0253 4056	pci - ok
19:20:08.0269 4056	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:20:08.0285 4056	pciide - ok
19:20:08.0316 4056	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:20:08.0363 4056	pcmcia - ok
19:20:08.0394 4056	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:20:08.0409 4056	pcw - ok
19:20:08.0487 4056	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:20:08.0565 4056	PEAUTH - ok
19:20:08.0643 4056	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:20:08.0690 4056	PerfHost - ok
19:20:08.0846 4056	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:20:08.0987 4056	pla - ok
19:20:09.0065 4056	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:20:09.0096 4056	PlugPlay - ok
19:20:09.0205 4056	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
19:20:09.0221 4056	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:20:09.0221 4056	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:20:09.0252 4056	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:20:09.0299 4056	PNRPAutoReg - ok
19:20:09.0361 4056	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:20:09.0392 4056	PNRPsvc - ok
19:20:09.0486 4056	Point64         (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
19:20:09.0501 4056	Point64 - ok
19:20:09.0595 4056	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:20:09.0704 4056	PolicyAgent - ok
19:20:09.0735 4056	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:20:09.0798 4056	Power - ok
19:20:09.0845 4056	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:20:09.0907 4056	PptpMiniport - ok
19:20:09.0938 4056	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:20:09.0985 4056	Processor - ok
19:20:10.0047 4056	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:20:10.0110 4056	ProfSvc - ok
19:20:10.0141 4056	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:20:10.0172 4056	ProtectedStorage - ok
19:20:10.0250 4056	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:20:10.0344 4056	Psched - ok
19:20:10.0344 4056	PS_MDP - ok
19:20:10.0500 4056	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:20:10.0593 4056	ql2300 - ok
19:20:10.0718 4056	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:20:10.0749 4056	ql40xx - ok
19:20:10.0796 4056	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:20:10.0843 4056	QWAVE - ok
19:20:10.0874 4056	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:20:10.0937 4056	QWAVEdrv - ok
19:20:10.0952 4056	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:20:11.0061 4056	RasAcd - ok
19:20:11.0108 4056	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:20:11.0171 4056	RasAgileVpn - ok
19:20:11.0202 4056	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:20:11.0280 4056	RasAuto - ok
19:20:11.0327 4056	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:20:11.0420 4056	Rasl2tp - ok
19:20:11.0498 4056	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:20:11.0576 4056	RasMan - ok
19:20:11.0607 4056	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:20:11.0670 4056	RasPppoe - ok
19:20:11.0685 4056	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:20:11.0748 4056	RasSstp - ok
19:20:11.0810 4056	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:20:11.0919 4056	rdbss - ok
19:20:11.0935 4056	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:20:11.0966 4056	rdpbus - ok
19:20:11.0982 4056	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:20:12.0029 4056	RDPCDD - ok
19:20:12.0044 4056	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:20:12.0122 4056	RDPENCDD - ok
19:20:12.0138 4056	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:20:12.0185 4056	RDPREFMP - ok
19:20:12.0231 4056	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:20:12.0294 4056	RDPWD - ok
19:20:12.0356 4056	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:20:12.0387 4056	rdyboost - ok
19:20:12.0403 4056	ReadyComm.DirectRouter - ok
19:20:12.0450 4056	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:20:12.0543 4056	RemoteAccess - ok
19:20:12.0575 4056	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:20:12.0668 4056	RemoteRegistry - ok
19:20:12.0715 4056	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:20:12.0762 4056	RFCOMM - ok
19:20:12.0809 4056	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:20:12.0902 4056	RpcEptMapper - ok
19:20:12.0933 4056	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:20:12.0980 4056	RpcLocator - ok
19:20:13.0043 4056	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:20:13.0121 4056	RpcSs - ok
19:20:13.0152 4056	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:20:13.0245 4056	rspndr - ok
19:20:13.0308 4056	RSUSBSTOR       (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
19:20:13.0323 4056	RSUSBSTOR - ok
19:20:13.0370 4056	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:20:13.0401 4056	SamSs - ok
19:20:13.0433 4056	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:20:13.0464 4056	sbp2port - ok
19:20:13.0495 4056	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:20:13.0573 4056	SCardSvr - ok
19:20:13.0620 4056	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:20:13.0698 4056	scfilter - ok
19:20:13.0838 4056	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:20:13.0963 4056	Schedule - ok
19:20:14.0010 4056	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:20:14.0057 4056	SCPolicySvc - ok
19:20:14.0103 4056	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:20:14.0135 4056	SDRSVC - ok
19:20:14.0197 4056	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:20:14.0275 4056	secdrv - ok
19:20:14.0306 4056	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:20:14.0400 4056	seclogon - ok
19:20:14.0431 4056	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:20:14.0509 4056	SENS - ok
19:20:14.0525 4056	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:20:14.0556 4056	SensrSvc - ok
19:20:28.0237 4056	============================================================
19:20:28.0237 4056	Scan finished
19:20:28.0237 4056	============================================================
19:20:28.0268 4624	Detected object count: 6
19:20:28.0268 4624	Actual detected object count: 6
19:22:15.0518 4624	acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0518 4624	acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:15.0518 4624	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0518 4624	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:15.0518 4624	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0518 4624	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:15.0518 4624	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0518 4624	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:15.0534 4624	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0534 4624	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:22:15.0534 4624	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:15.0534 4624	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

13.08.2012, 15:29   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

13.08.2012, 17:49   #21
Saiken

Code:
ATTFilter
ComboFix 12-08-13.01 - Saiken 13.08.2012  18:29:22.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2901 [GMT 2:00]
ausgeführt von:: c:\users\Saiken\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\s.bat
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-13 bis 2012-08-13  ))))))))))))))))))))))))))))))
.
.
2012-08-13 16:35 . 2012-08-13 16:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-12 09:43 . 2012-08-12 09:43	--------	d-----w-	C:\_OTL
2012-08-08 13:01 . 2012-08-08 13:01	328704	----a-w-	c:\windows\system32\services.exe.212D4E11F79A68F9
2012-08-08 12:56 . 2012-08-08 12:56	328704	----a-w-	c:\windows\system32\services.exe.1147DF87B3DA07B6
2012-08-08 12:51 . 2012-08-08 12:51	328704	----a-w-	c:\windows\system32\services.exe.B2755E72D36F7078
2012-08-08 12:46 . 2012-08-08 12:46	328704	----a-w-	c:\windows\system32\services.exe.1A059BB5E95C4011
2012-08-08 12:42 . 2012-08-08 12:42	328704	----a-w-	c:\windows\system32\services.exe.C5409BB5759BB947
2012-08-08 12:39 . 2012-08-08 12:39	328704	----a-w-	c:\windows\system32\services.exe.DFA9D2B7AB653F73
2012-08-08 12:34 . 2012-08-08 12:34	328704	----a-w-	c:\windows\system32\services.exe.0215EFF9D4F84EB6
2012-08-08 12:31 . 2012-08-08 12:31	328704	----a-w-	c:\windows\system32\services.exe.206A278CC5E583AD
2012-08-07 08:44 . 2012-08-07 08:44	328704	----a-w-	c:\windows\system32\services.exe.A3D262AB47EEBA0A
2012-08-07 08:39 . 2012-08-07 08:39	328704	----a-w-	c:\windows\system32\services.exe.EC84C971B8644A86
2012-08-07 08:34 . 2012-08-07 08:34	328704	----a-w-	c:\windows\system32\services.exe.062D37AF81671C1C
2012-08-07 08:30 . 2012-08-07 08:30	328704	----a-w-	c:\windows\system32\services.exe.4B2C3EBD93FB49F6
2012-08-07 08:25 . 2012-08-07 08:25	328704	----a-w-	c:\windows\system32\services.exe.4C292954DF4E1D80
2012-08-07 08:19 . 2012-08-07 08:19	328704	----a-w-	c:\windows\system32\services.exe.64EEE9B93A79940E
2012-08-07 08:14 . 2012-08-07 08:14	328704	----a-w-	c:\windows\system32\services.exe.640D6A0E8043E2D9
2012-08-07 08:09 . 2012-08-07 08:09	328704	----a-w-	c:\windows\system32\services.exe.D35855B12B28076F
2012-08-07 08:05 . 2012-08-07 08:05	328704	----a-w-	c:\windows\system32\services.exe.DFBB93E6946068A9
2012-08-07 07:59 . 2012-02-09 12:17	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-07 07:59 . 2012-02-09 12:17	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D90FF509-9C94-4684-8A89-B3472440D2FB}\gapaengine.dll
2012-08-07 07:59 . 2012-07-16 00:40	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C92AB6E-7C2D-4BEF-9803-74D949867CCA}\mpengine.dll
2012-08-07 07:56 . 2012-08-08 13:06	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-08-07 07:56 . 2012-08-08 13:06	--------	d-----w-	c:\program files\Microsoft Security Client
2012-07-31 07:49 . 2012-07-31 07:49	--------	d-----w-	c:\program files (x86)\ESET
2012-07-22 11:36 . 2012-07-22 11:36	--------	d-----w-	c:\program files (x86)\GUMF45C.tmp
2012-07-22 11:36 . 2012-07-22 11:36	4024320	----a-w-	c:\program files (x86)\GUTF49B.tmp
2012-07-18 17:39 . 2012-07-18 17:39	--------	d-----w-	c:\users\Saiken\AppData\Roaming\Malwarebytes
2012-07-18 17:38 . 2012-07-18 17:38	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-18 17:38 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-18 17:38 . 2012-07-18 19:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 13:13 . 2012-05-06 10:32	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-08 13:13 . 2011-05-22 11:09	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:03 . 2012-01-10 09:08	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 01:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 06:40	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 06:40	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 06:40	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 06:40	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 06:40	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:40	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:40	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-05 05:30 . 2012-06-05 05:30	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-05 05:30 . 2011-05-11 15:50	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-23 14:44	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 14:45	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 14:45	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 14:45	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 14:44	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 14:45	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 14:44	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 14:44	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 14:44	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 01:01	17807360	----a-w-	c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 01:01	10924032	----a-w-	c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 01:01	2311680	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 01:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 01:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 01:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 01:01	237056	----a-w-	c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 01:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 01:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 01:01	818688	----a-w-	c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 01:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 01:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 01:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 01:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 01:01	1800192	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 01:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 01:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 01:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 01:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 06:40	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 06:40	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 06:40	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 06:40	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 06:40	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 06:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 06:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:40	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 06:40	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 04:04 . 2012-07-13 07:43	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A9F4AE-6F26-43AE-8247-DAEAE9846343}\mpengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\Saiken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Saiken\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 250056]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 109056]
R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 18944]
R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 146432]
R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 130048]
R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 33792]
R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 124928]
R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 144384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2010-04-20 200704]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 13:13]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:32]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-27 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-27 2040352]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Saiken\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Saiken\AppData\Roaming\Mozilla\Firefox\Profiles\8gcostlq.default\
FF - prefs.js: browser.startup.homepage - web.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-13  18:43:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-13 16:43
.
Vor Suchlauf: 8 Verzeichnis(se), 219.583.639.552 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 219.459.702.784 Bytes frei
.
- - End Of File - - 0A636F6F132F11164028E967E724860B
         

13.08.2012, 19:10   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

ComboFix scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\windows\system32\services.exe.212D4E11F79A68F9
c:\windows\system32\services.exe.1147DF87B3DA07B6
c:\windows\system32\services.exe.B2755E72D36F7078
c:\windows\system32\services.exe.1A059BB5E95C4011
c:\windows\system32\services.exe.C5409BB5759BB947
c:\windows\system32\services.exe.DFA9D2B7AB653F73
c:\windows\system32\services.exe.0215EFF9D4F84EB6
c:\windows\system32\services.exe.206A278CC5E583AD
c:\windows\system32\services.exe.A3D262AB47EEBA0A
c:\windows\system32\services.exe.EC84C971B8644A86
c:\windows\system32\services.exe.062D37AF81671C1C
c:\windows\system32\services.exe.4B2C3EBD93FB49F6
c:\windows\system32\services.exe.4C292954DF4E1D80
c:\windows\system32\services.exe.64EEE9B93A79940E
c:\windows\system32\services.exe.640D6A0E8043E2D9
c:\windows\system32\services.exe.D35855B12B28076F
c:\windows\system32\services.exe.DFBB93E6946068A9
c:\program files (x86)\GUMF45C.tmp
c:\program files (x86)\GUTF49B.tmp
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other machine and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

15.08.2012, 08:14   #23
Saiken
 

Code:
ComboFix 12-08-14.05 - Saiken 15.08.2012   8:58.2.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2730 [GMT 2:00]
ausgeführt von:: c:\users\Saiken\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Saiken\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\program files (x86)\GUMF45C.tmp"
"c:\program files (x86)\GUTF49B.tmp"
"c:\windows\system32\services.exe.0215EFF9D4F84EB6"
"c:\windows\system32\services.exe.062D37AF81671C1C"
"c:\windows\system32\services.exe.1147DF87B3DA07B6"
"c:\windows\system32\services.exe.1A059BB5E95C4011"
"c:\windows\system32\services.exe.206A278CC5E583AD"
"c:\windows\system32\services.exe.212D4E11F79A68F9"
"c:\windows\system32\services.exe.4B2C3EBD93FB49F6"
"c:\windows\system32\services.exe.4C292954DF4E1D80"
"c:\windows\system32\services.exe.640D6A0E8043E2D9"
"c:\windows\system32\services.exe.64EEE9B93A79940E"
"c:\windows\system32\services.exe.A3D262AB47EEBA0A"
"c:\windows\system32\services.exe.B2755E72D36F7078"
"c:\windows\system32\services.exe.C5409BB5759BB947"
"c:\windows\system32\services.exe.D35855B12B28076F"
"c:\windows\system32\services.exe.DFA9D2B7AB653F73"
"c:\windows\system32\services.exe.DFBB93E6946068A9"
"c:\windows\system32\services.exe.EC84C971B8644A86"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUTF49B.tmp
c:\windows\system32\services.exe.0215EFF9D4F84EB6
c:\windows\system32\services.exe.062D37AF81671C1C
c:\windows\system32\services.exe.1147DF87B3DA07B6
c:\windows\system32\services.exe.1A059BB5E95C4011
c:\windows\system32\services.exe.206A278CC5E583AD
c:\windows\system32\services.exe.212D4E11F79A68F9
c:\windows\system32\services.exe.4B2C3EBD93FB49F6
c:\windows\system32\services.exe.4C292954DF4E1D80
c:\windows\system32\services.exe.640D6A0E8043E2D9
c:\windows\system32\services.exe.64EEE9B93A79940E
c:\windows\system32\services.exe.A3D262AB47EEBA0A
c:\windows\system32\services.exe.B2755E72D36F7078
c:\windows\system32\services.exe.C5409BB5759BB947
c:\windows\system32\services.exe.D35855B12B28076F
c:\windows\system32\services.exe.DFA9D2B7AB653F73
c:\windows\system32\services.exe.DFBB93E6946068A9
c:\windows\system32\services.exe.EC84C971B8644A86
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-15 bis 2012-08-15  ))))))))))))))))))))))))))))))
.
.
2012-08-15 07:03 . 2012-08-15 07:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-12 09:43 . 2012-08-12 09:43	--------	d-----w-	C:\_OTL
2012-08-07 07:59 . 2012-02-09 12:17	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-07 07:59 . 2012-02-09 12:17	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D90FF509-9C94-4684-8A89-B3472440D2FB}\gapaengine.dll
2012-08-07 07:59 . 2012-07-16 00:40	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C92AB6E-7C2D-4BEF-9803-74D949867CCA}\mpengine.dll
2012-08-07 07:56 . 2012-08-08 13:06	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-08-07 07:56 . 2012-08-08 13:06	--------	d-----w-	c:\program files\Microsoft Security Client
2012-07-31 07:49 . 2012-07-31 07:49	--------	d-----w-	c:\program files (x86)\ESET
2012-07-22 11:36 . 2012-07-22 11:36	--------	d-----w-	c:\program files (x86)\GUMF45C.tmp
2012-07-18 17:39 . 2012-07-18 17:39	--------	d-----w-	c:\users\Saiken\AppData\Roaming\Malwarebytes
2012-07-18 17:38 . 2012-07-18 17:38	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-18 17:38 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-18 17:38 . 2012-07-18 19:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 13:13 . 2012-05-06 10:32	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-08 13:13 . 2011-05-22 11:09	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:03 . 2012-01-10 09:08	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 01:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 06:40	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 06:40	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 06:40	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 06:40	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 06:40	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:40	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:40	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-05 05:30 . 2012-06-05 05:30	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-05 05:30 . 2011-05-11 15:50	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-23 14:44	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 14:45	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 14:45	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 14:45	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 14:44	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 14:45	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 14:44	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 14:44	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 14:44	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 01:01	17807360	----a-w-	c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 01:01	10924032	----a-w-	c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 01:01	2311680	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 01:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 01:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 01:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 01:01	237056	----a-w-	c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 01:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 01:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 01:01	818688	----a-w-	c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 01:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 01:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 01:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 01:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 01:01	1800192	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 01:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 01:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 01:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 01:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 06:40	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 06:40	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 06:40	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 06:40	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 06:40	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 06:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 06:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:40	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 06:40	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 04:04 . 2012-07-13 07:43	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A9F4AE-6F26-43AE-8247-DAEAE9846343}\mpengine.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-13_16.37.25   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-13 16:49 . 2012-08-13 16:49	13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-13 16:35 . 2012-08-13 16:35	13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-06-22 04:19 . 2012-08-15 06:50	51512              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 06:50	49192              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-12 07:00 . 2012-08-15 06:50	20236              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4112322236-3011114634-1874071500-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-08-13 16:42	96016              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-08-13 16:36 . 2012-08-13 16:36	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-15 06:48 . 2012-08-15 06:48	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-13 16:36 . 2012-08-13 16:36	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 06:48 . 2012-08-15 06:48	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-13 16:35	294356              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-13 16:49	294356              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-11 20:49 . 2012-08-13 16:35	2137812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4112322236-3011114634-1874071500-1000-8192.dat
+ 2011-05-11 20:49 . 2012-08-13 16:49	2137812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4112322236-3011114634-1874071500-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\Saiken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Saiken\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 250056]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 109056]
R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 18944]
R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 146432]
R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 130048]
R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 33792]
R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 124928]
R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 144384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2010-04-20 200704]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 13:13]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:32]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Saiken\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-27 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-27 2040352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Saiken\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Saiken\AppData\Roaming\Mozilla\Firefox\Profiles\8gcostlq.default\
FF - prefs.js: browser.startup.homepage - web.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-15  09:06:14
ComboFix-quarantined-files.txt  2012-08-15 07:06
ComboFix2.txt  2012-08-13 16:43
.
Vor Suchlauf: 12 Verzeichnis(se), 220.101.382.144 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 220.038.238.208 Bytes frei
.
- - End Of File - - 40F688E42A32D34F6034E2FAEC04CCB6
         

Alt 15.08.2012, 19:38   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 16.08.2012, 11:20   #25
Saiken
 

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-16 11:10:08
Windows 6.1.7601 Service Pack 1 
Running: 297pi42d.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:22:15 on 16.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv05" (acedrv05) - ? - C:\windows\system32\drivers\acedrv05.sys  (File found, but it contains no detailed information)
"Bridge0" (Bridge0) - "Lenovo" - C:\windows\System32\drivers\WDBridge.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"LHDmgr" (LHDmgr) - "Lenovo." - C:\windows\System32\DRIVERS\LhdX64.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files (x86)\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files (x86)\Audible\Bin\AudibleExt.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~2\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Saiken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Saiken\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"UpdateP2GShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - ? - "c:\Program Files\Microsoft Security Client\NisSrv.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"IGRS" (IGRS) - "Lenovo Group Limited" - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
"Lenovo ReadyComm AppSvc" (Lenovo ReadyComm AppSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
"Lenovo ReadyComm ConnSvc" (Lenovo ReadyComm ConnSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ReadyComm Presentation Space Helper Service" (PS_MDP) - ? - C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs  (File not found)
"ReadyComm.DirectRouter" (ReadyComm.DirectRouter) - ? - C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 11:23:49
-----------------------------
11:23:49.957    OS Version: Windows x64 6.1.7601 Service Pack 1
11:23:49.957    Number of processors: 3 586 0x503
11:23:49.958    ComputerName: SAIKENS-BABY  UserName: Saiken
11:23:51.569    Initialize success
11:25:11.875    AVAST engine defs: 12081503
11:25:21.371    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:25:21.376    Disk 0 Vendor: HITACHI_HTS545050B9A300 PB4ZC61H Size: 476940MB BusType: 11
11:25:21.392    Disk 0 MBR read successfully
11:25:21.398    Disk 0 MBR scan
11:25:21.407    Disk 0 Windows 7 default MBR code
11:25:21.424    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
11:25:21.439    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       431938 MB offset 411648
11:25:21.449    Disk 0 Partition - 00     0F Extended LBA             29692 MB offset 885020672
11:25:21.489    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 945829888
11:25:21.528    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29691 MB offset 885022720
11:25:21.567    Disk 0 scanning C:\windows\system32\drivers
11:25:36.912    Service scanning
11:26:12.154    Modules scanning
11:26:12.173    Disk 0 trace - called modules:
11:26:12.205    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
11:26:12.217    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004651060]
11:26:12.228    3 CLASSPNP.SYS[fffff880019bd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045c0060]
11:26:13.829    AVAST engine scan C:\windows
11:26:17.376    AVAST engine scan C:\windows\system32
11:30:09.275    AVAST engine scan C:\windows\system32\drivers
11:30:27.032    AVAST engine scan C:\Users\Saiken
12:04:24.090    AVAST engine scan C:\ProgramData
12:05:41.539    Scan finished successfully
12:17:51.576    Disk 0 MBR has been saved successfully to "C:\Users\Saiken\Desktop\MBR.dat"
12:17:51.581    The log file has been saved successfully to "C:\Users\Saiken\Desktop\aswMBR.txt"
         

Alt 16.08.2012, 13:16   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 16.08.2012, 20:49   #27
Saiken
 

Almost done? That would be a dream!!!

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 08:18 PM

Application Version : 5.5.1012

Core Rules Database Version : 9068
Trace Rules Database Version: 6880

Scan type       : Complete Scan
Total Scan Time : 02:40:08

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 756
Memory threats detected   : 0
Registry items scanned    : 66492
Registry threats detected : 0
File items scanned        : 181360
File threats detected     : 386

Adware.Tracking Cookie
	ads.playamedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SAIKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GCOSTLQ.DEFAULT\COOKIES.SQLITE ]
	cdn2.baronsmedia.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9GDYHFGT ]
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Saiken :: SAIKENS-BABY [Administrator]

16.08.2012 15:03:50
mbam-log-2012-08-16 (15-03-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391654
Laufzeit: 1 Stunde(n), 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

17.08.2012, 19:36   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Because of cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other findings or problems?
__________________
Please always post log files in CODE tags
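
The hosts-file approach recommended in the post above, as an added example that is not part of the original thread: it turns cookie findings in the scan log's `<domain> [ <store> ]` layout into hosts-file entries and reports which ones a hosts file covers only partly. The sample lines, the `KEEP` allowlist and the `0.0.0.0` sink address are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the same "<cookie domain> [ <store> ]" layout as the scan log.
SAMPLE_LOG = r"""
    .doubleclick.net [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    www.etracker.de [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\EXAMPLE\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    cdn2.baronsmedia.com [ C:\EXAMPLE\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XXXXXXXX ]
Infizierte Dateien: 0
"""

LINE_RE = re.compile(r"^\s*(\.?[a-z0-9-]+(?:\.[a-z0-9-]+)+)\s+\[\s*(.+?)\s*\]\s*$", re.I)

# Assumption: login hosts the user wants to keep working; these are never null-routed.
KEEP = ("google.com", "youtube.com")


def parse_findings(log):
    """Count findings per cookie domain; lines that are not findings are skipped."""
    counts = Counter()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            counts[m.group(1).lower()] += 1
    return counts


def is_kept(host):
    """True if host is an allowlisted name or a subdomain of one."""
    return any(host == k or host.endswith("." + k) for k in KEEP)


def hosts_entries(counts):
    """Return (hosts-file lines, domain-wide cookies a hosts file only partly covers)."""
    hosts, partial = set(), set()
    for domain in counts:
        host = domain.lstrip(".")
        if is_kept(host):
            continue
        hosts.add(host)
        if domain.startswith("."):
            # A leading dot means the cookie is valid for every subdomain; a hosts
            # file has no wildcards, so only this one exact name gets blocked.
            partial.add(host)
    return [f"0.0.0.0 {h}" for h in sorted(hosts)], sorted(partial)
```

For every name returned in the second list, the subdomains that actually serve the content need their own entries, which is what a maintained list such as the MVPS hosts file provides.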

21.08.2012, 15:43   #29
Saiken

So far everything seems to be fine. I only still have problems with the update for Microsoft, but I am already in contact with a support person.

Let's see what comes of that.

In any case, many thanks for all the effort, that was really great of you!!!

30.08.2012, 11:23   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Has the problem with Microsoft been resolved? If so, please give a short explanation
__________________
Please always post log files in CODE tags
