
Pests of all kinds and how to combat them: Icredibar in Google Chrome

12.10.2012, 21:09   #1
dr_baer


Hello everyone,

Unfortunately I have picked up this Incredibar in Google Chrome. I can delete or disable the toolbar itself. However, the "mystart" start page keeps coming back, and the toolbar reactivates or reinstalls itself after every reinstallation of Google Chrome.
I have now carried out the steps according to the following guide.

http://www.trojaner-board.de/51187-a...i-malware.html


Here is my log file

Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Bär :: ALEXPC2 [Administrator]

12.10.2012 20:37:27
mbam-log-2012-10-12 (20-37-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196871
Laufzeit: 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alexander Bär\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
It would be really nice if one of you could help me.

Many thanks in advance

Regards, Alex

13.10.2012, 15:23   #2
cosinus


Please now routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all detections with Malwarebytes so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove ANYTHING from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

15.10.2012, 20:15   #3
dr_baer


Hello,

many thanks already.

Here is a scan I already ran on 12.10.

Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Bär :: ALEXPC2 [Administrator]

12.10.2012 20:37:27
mbam-log-2012-10-12 (20-37-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196871
Laufzeit: 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alexander Bär\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Afterwards I deleted the infected file. It is now in quarantine on my machine.

And here is my scan from today

Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Bär :: ALEXPC2 [Administrator]

15.10.2012 19:49:54
mbam-log-2012-10-15 (19-49-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308428
Laufzeit: 9 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
How should I proceed now?

Regards

15.10.2012, 21:55   #4
cosinus


adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

15.10.2012, 22:00   #5
dr_baer


OK, here is my next log file

Quote:
# AdwCleaner v2.005 - Datei am 15/10/2012 um 21:58:18 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Alexander Bär - ALEXPC2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander Bär\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Viewpoint
Ordner Gefunden : C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\Software\MetaStream
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gefunden : HKLM\Software\Viewpoint
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKU\S-1-5-21-2956429621-859001709-2434547980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2956429621-859001709-2434547980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Alexander Bär\AppData\Roaming\Mozilla\Firefox\Profiles\rlgq0f03.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Alexander Bär\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5189 octets] - [15/10/2012 21:58:18]

########## EOF - C:\AdwCleaner[R1].txt - [5249 octets] ##########


16.10.2012, 16:19   #6
cosinus


Please put the logs in CODE tags!

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

16.10.2012, 21:06   #7
dr_baer


Sorry, this time I did it right

So here is the code


Code:
# AdwCleaner v2.005 - Datei am 16/10/2012 um 21:02:04 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Alexander Bär - ALEXPC2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander Bär\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Alexander Bär\AppData\Roaming\Mozilla\Firefox\Profiles\rlgq0f03.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Alexander Bär\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5300 octets] - [15/10/2012 21:58:18]
AdwCleaner[S1].txt - [4844 octets] - [16/10/2012 21:02:04]

########## EOF - C:\AdwCleaner[S1].txt - [4904 octets] ##########
         

Regards

17.10.2012, 14:51   #8
cosinus


I have two questions before we continue (we are not finished yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

17.10.2012, 21:26   #9
dr_baer


1. Yes, everything works without problems. Windows (luckily) has not caused any problems. Except that the mystart start page in Chrome doesn't work.

2. I have not found any empty folders

17.10.2012, 22:16   #10
cosinus


Please run a custom scan with OTL. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Please download OTL by Oldtimer and save it on your desktop. If it already exists, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

18.10.2012, 21:33   #11
dr_baer


So here is the next log file

OTL log file:
Code:
OTL logfile created on: 18.10.2012 21:22:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander Bär\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,93% Memory free
7,82 Gb Paging File | 6,13 Gb Available in Paging File | 78,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,41 Gb Total Space | 90,80 Gb Free Space | 66,56% Space Free | Partition Type: NTFS
 
Computer Name: ALEXPC2 | User Name: Alexander Bär | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.18 21:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander Bär\Desktop\OTL.exe
PRC - [2012.10.03 14:26:12 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.09.21 12:28:42 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2010.12.29 13:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.01 11:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2003.06.24 12:09:00 | 000,568,096 | ---- | M] (Mozilla, Netscape) -- C:\Program Files (x86)\Netscape\Netscape\Netscp.exe
PRC - [2002.04.26 19:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.15 19:23:25 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.10.07 20:50:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.10.07 20:50:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.10.07 20:50:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.10.07 20:50:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.10.07 20:50:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.10.07 20:50:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.10.07 20:50:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.10.07 20:49:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.10.07 20:49:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.10.07 20:49:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.12.15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2003.06.20 00:19:00 | 000,122,576 | ---- | M] () -- C:\Program Files (x86)\Common Files\mozilla.org\GRE\1.4f_2003062408\components\gkwidget.dll
MOD - [2002.04.26 19:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.11 16:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.03 10:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.03 14:26:12 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater Updater)
SRV - [2012.09.21 12:54:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2011.01.24 19:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.12.29 13:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.03 10:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.11 20:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.11 16:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.24 19:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.12.17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.12.17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.12.17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.12.17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.12.17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.12.13 09:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2956429621-859001709-2434547980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-2956429621-859001709-2434547980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2956429621-859001709-2434547980-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2956429621-859001709-2434547980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012.10.07 19:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.09.21 12:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.07 19:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.14 17:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape\Components [2012.09.21 12:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape\Plugins [2012.09.30 11:03:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape\Components [2012.09.21 12:30:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape\Plugins [2012.09.30 11:03:07 | 000,000,000 | ---D | M]
 
[2012.09.14 17:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Bär\AppData\Roaming\mozilla\Extensions
[2012.10.13 16:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Bär\AppData\Roaming\mozilla\Firefox\Profiles\rlgq0f03.default\extensions
[2012.10.13 16:50:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander Bär\AppData\Roaming\mozilla\Firefox\Profiles\rlgq0f03.default\extensions\ich@maltegoetz.de
[2012.10.07 19:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\ALEXANDER BäR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLGQ0F03.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Alexander B\u00E4r\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.534_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Alexander B\u00E4r\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Alexander Bär\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (AusweisApp 1.9.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2956429621-859001709-2434547980-1000..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2956429621-859001709-2434547980-1000..\Run: [Mozilla Quick Launch] C:\Program Files (x86)\Netscape\Netscape\Netscp.exe (Mozilla, Netscape)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34520256-E0DE-4721-B7E4-835361D8C1D0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57BC3B07-DA9F-4998-BDEC-CC8510DA02FC}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ded7a7d1-fe77-11e1-920c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ded7a7d1-fe77-11e1-920c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 21:09:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander Bär\Desktop\OTL.exe
[2012.10.17 06:46:26 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Foxit Software
[2012.10.16 21:03:28 | 000,000,000 | R--D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.10.12 20:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.12 20:36:57 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Malwarebytes
[2012.10.12 20:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.12 20:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.12 20:36:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.12 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.12 20:04:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.10.10 22:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum
[2012.10.10 22:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jAlbum
[2012.10.10 22:03:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\Projects
[2012.10.07 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\Macromedia
[2012.10.07 19:51:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\Mozilla
[2012.10.07 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.07 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.07 19:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.10.07 19:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.10.07 19:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.10.07 19:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.07 19:15:08 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012.10.07 19:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012.10.07 19:15:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012.10.07 19:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012.10.06 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\OpenOffice.org
[2012.10.05 13:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.10.05 13:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.10.04 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012.10.04 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012.10.03 08:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.30 11:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.28 21:54:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\Documents\My Albums
[2012.09.28 20:22:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.09.21 13:09:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.21 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.09.21 13:04:46 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\jAlbum
[2012.09.21 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia Shared
[2012.09.21 12:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2012.09.21 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia
[2012.09.21 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2012.09.21 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\DigitalPersona
[2012.09.21 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\DigitalPersona
[2012.09.21 12:46:34 | 000,021,616 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2012.09.21 12:46:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.09.21 12:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2012.09.21 12:45:45 | 000,081,008 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\accelernco01.dll
[2012.09.21 12:45:45 | 000,027,760 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\Accelern.sys
[2012.09.21 12:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STMicroelectronics
[2012.09.21 12:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Validity
[2012.09.21 12:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2012.09.21 12:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.09.21 12:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012.09.21 12:35:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\Programs
[2012.09.21 12:35:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Macrovision
[2012.09.21 12:35:49 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet
[2012.09.21 12:35:43 | 000,000,000 | ---D | C] -- C:\Windows\DPDrv
[2012.09.21 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hant
[2012.09.21 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hans
[2012.09.21 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\tr
[2012.09.21 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sv
[2012.09.21 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-Hant
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-Hans
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tr
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sv
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ru
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\no
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\no
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\nl
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nl
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ko
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\gl-ES
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\gl-ES
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fr
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\DigitalPersona
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigitalPersona
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\da
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\da
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012.09.21 12:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012.09.21 12:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.09.21 12:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.09.21 12:35:13 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\IrfanView
[2012.09.21 12:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012.09.21 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\WinRAR
[2012.09.21 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.21 12:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.21 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.09.21 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\vlc
[2012.09.21 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.21 12:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012.09.21 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.09.21 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.09.21 12:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.09.21 12:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.09.21 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.09.21 12:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.09.21 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.09.21 12:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netscape 7.1
[2012.09.21 12:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mozilla.org
[2012.09.21 12:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netscape
[2012.09.21 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\HpUpdate
[2012.09.21 12:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.09.21 12:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.09.21 12:28:44 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Roaming\Opera
[2012.09.21 12:28:44 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\Opera
[2012.09.21 12:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.09.21 12:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.09.21 12:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.09.21 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander Bär\AppData\Local\HP
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 21:21:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 21:10:31 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.18 21:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander Bär\Desktop\OTL.exe
[2012.10.18 20:58:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.18 20:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 21:10:18 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 21:10:18 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 21:07:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.16 21:07:30 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.16 21:07:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.16 21:07:30 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.16 21:07:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.16 21:03:23 | 000,001,918 | ---- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
[2012.10.16 21:03:07 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.12 20:53:17 | 000,002,282 | ---- | M] () -- C:\Users\Alexander Bär\Desktop\Google Chrome.lnk
[2012.10.09 17:31:03 | 000,729,542 | ---- | M] () -- C:\Users\Alexander Bär\Documents\BG-Zahlung-Studium.pdf
[2012.10.07 19:51:14 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.07 19:16:31 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.10.06 10:30:13 | 000,001,270 | ---- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.10.02 17:20:24 | 001,261,936 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2012.10.02 17:19:30 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012.09.26 09:30:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.22 16:28:37 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.21 13:11:29 | 000,000,600 | ---- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\winscp.rnd
[2012.09.21 12:38:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.09.21 12:37:42 | 000,001,063 | ---- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2012.09.21 12:30:05 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2012.09.21 12:30:04 | 000,007,614 | ---- | M] () -- C:\Windows\mozver.dat
[2012.09.21 12:30:00 | 000,087,184 | ---- | M] () -- C:\Windows\NSUninst.exe
[2012.09.21 12:29:55 | 000,087,184 | ---- | M] () -- C:\Windows\GREUninstall.exe
[2012.09.21 12:27:41 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
 
========== Files Created - No Company Name ==========
 
[2012.10.12 20:53:17 | 000,002,282 | ---- | C] () -- C:\Users\Alexander Bär\Desktop\Google Chrome.lnk
[2012.10.09 17:31:02 | 000,729,542 | ---- | C] () -- C:\Users\Alexander Bär\Documents\BG-Zahlung-Studium.pdf
[2012.10.07 19:51:14 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.07 19:51:14 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.07 19:16:31 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.10.07 19:16:04 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 19:16:04 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 19:15:08 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012.10.06 10:30:13 | 000,001,270 | ---- | C] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.10.01 18:18:56 | 000,609,280 | ---- | C] () -- C:\Users\Public\Documents\PasswortGen.exe
[2012.09.25 20:20:04 | 000,048,537 | ---- | C] () -- C:\proxtube.crx
[2012.09.21 13:11:29 | 000,000,600 | ---- | C] () -- C:\Users\Alexander Bär\AppData\Roaming\winscp.rnd
[2012.09.21 13:10:51 | 000,000,520 | ---- | C] () -- C:\Users\Alexander Bär\salamand.key
[2012.09.21 13:10:39 | 000,000,949 | ---- | C] () -- C:\Users\Alexander Bär\keys.zip
[2012.09.21 12:38:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.09.21 12:37:43 | 000,001,063 | ---- | C] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2012.09.21 12:35:55 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalPersona Fingerprint Software.lnk
[2012.09.21 12:32:55 | 000,001,918 | ---- | C] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
[2012.09.21 12:30:05 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.09.21 12:30:00 | 000,087,184 | ---- | C] () -- C:\Windows\NSUninst.exe
[2012.09.21 12:29:55 | 000,087,184 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2012.09.21 12:29:53 | 000,007,614 | ---- | C] () -- C:\Windows\mozver.dat
[2012.09.21 12:29:19 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.09.21 12:28:44 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.09.21 12:27:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.09.16 23:34:01 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.09.16 23:33:56 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.09.16 23:33:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.09.14 17:02:57 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.14 16:57:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.14 16:55:57 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.09.14 16:55:43 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.14 16:40:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.11 23:57:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.10 05:49:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.10 05:49:08 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.10 05:49:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.10 05:42:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.04.10 05:18:22 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.21 12:49:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\DigitalPersona
[2012.10.17 06:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Foxit Software
[2012.09.21 12:35:13 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\IrfanView
[2012.09.21 13:05:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\jAlbum
[2012.10.06 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\OpenOffice.org
[2012.09.21 12:28:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Opera
[2012.09.14 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.14 23:13:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Adobe
[2012.09.14 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\ATI
[2012.09.21 12:49:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\DigitalPersona
[2012.09.21 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet
[2012.10.17 06:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Foxit Software
[2012.10.05 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\HpUpdate
[2012.09.14 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Identities
[2012.09.14 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\InstallShield
[2012.09.14 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Intel Corporation
[2012.09.21 12:35:13 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\IrfanView
[2012.09.21 13:05:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\jAlbum
[2012.09.21 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Macromedia
[2012.09.21 12:35:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Macrovision
[2012.10.12 20:36:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:58 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Media Center Programs
[2012.10.07 19:51:54 | 000,000,000 | --SD | M] -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft
[2012.10.07 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Mozilla
[2012.10.06 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\OpenOffice.org
[2012.09.21 12:28:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Opera
[2012.09.14 17:07:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\Thunderbird
[2012.10.10 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\vlc
[2012.09.21 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander Bär\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.09.21 12:35:49 | 001,373,552 | ---- | M] (Flexera Software, Inc.) -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet\Connect\11\agent.exe
[2012.09.21 12:35:50 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet\Connect\11\dwusplay.exe
[2012.09.21 12:35:49 | 000,439,664 | ---- | M] (Flexera Software, Inc.) -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet\Connect\11\isdm.exe
[2012.09.21 12:35:50 | 000,087,408 | ---- | M] (Flexera Software, Inc.) -- C:\Users\Alexander Bär\AppData\Roaming\FLEXnet\Connect\11\issch.exe
[2012.09.21 12:35:50 | 000,718,192 | ---- | M] (Flexera Software, Inc.) -- C:\Users\Alexander Bär\AppData\Roaming\Macrovision\FLEXnet Connect\11\agent.exe
[2012.09.21 12:35:50 | 000,742,768 | ---- | M] (Flexera Software, Inc.) -- C:\Users\Alexander Bär\AppData\Roaming\Macrovision\FLEXnet Connect\6\agent.exe
[2012.09.14 16:55:57 | 000,010,134 | R--- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Installer\{11081E1B-9D55-63DD-67FE-8AC8D08834C9}\ARPPRODUCTICON.exe
[2012.09.14 16:37:21 | 000,010,134 | R--- | M] () -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2012.09.14 16:37:21 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Alexander Bär\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

[/code]

Best regards

18.10.2012, 22:09   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks fairly unremarkable.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm for the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


23.10.2012, 17:56   #13
dr_baer
 



hi,
unfortunately it took a bit longer this time, but here is the log file now

Code:
17:53:41.0337 7448  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:53:41.0571 7448  ============================================================
17:53:41.0571 7448  Current date / time: 2012/10/23 17:53:41.0571
17:53:41.0571 7448  SystemInfo:
17:53:41.0571 7448  
17:53:41.0571 7448  OS Version: 6.1.7601 ServicePack: 1.0
17:53:41.0571 7448  Product type: Workstation
17:53:41.0571 7448  ComputerName: ALEXPC2
17:53:41.0571 7448  UserName: Alexander Bär
17:53:41.0571 7448  Windows directory: C:\Windows
17:53:41.0571 7448  System windows directory: C:\Windows
17:53:41.0571 7448  Running under WOW64
17:53:41.0571 7448  Processor architecture: Intel x64
17:53:41.0571 7448  Number of processors: 4
17:53:41.0571 7448  Page size: 0x1000
17:53:41.0587 7448  Boot type: Normal boot
17:53:41.0587 7448  ============================================================
17:53:41.0852 7448  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:53:41.0868 7448  ============================================================
17:53:41.0868 7448  \Device\Harddisk0\DR0:
17:53:41.0868 7448  MBR partitions:
17:53:41.0868 7448  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:53:41.0868 7448  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x110D07FB
17:53:41.0868 7448  ============================================================
17:53:41.0868 7448  C: <-> \Device\Harddisk0\DR0\Partition2
17:53:41.0868 7448  ============================================================
17:53:41.0868 7448  Initialize success
17:53:41.0868 7448  ============================================================
17:54:39.0791 4352  ============================================================
17:54:39.0791 4352  Scan started
17:54:39.0791 4352  Mode: Manual; SigCheck; TDLFS; 
17:54:39.0791 4352  ============================================================
17:54:39.0915 4352  ================ Scan system memory ========================
17:54:39.0915 4352  System memory - ok
17:54:39.0915 4352  ================ Scan services =============================
17:54:39.0978 4352  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:54:40.0087 4352  1394ohci - ok
17:54:40.0087 4352  [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
17:54:40.0118 4352  Acceler - ok
17:54:40.0118 4352  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:54:40.0149 4352  ACPI - ok
17:54:40.0149 4352  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:54:40.0181 4352  AcpiPmi - ok
17:54:40.0196 4352  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:54:40.0212 4352  adp94xx - ok
17:54:40.0227 4352  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:54:40.0243 4352  adpahci - ok
17:54:40.0259 4352  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:54:40.0274 4352  adpu320 - ok
17:54:40.0290 4352  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:54:40.0368 4352  AeLookupSvc - ok
17:54:40.0368 4352  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
17:54:40.0383 4352  AESTFilters - ok
17:54:40.0399 4352  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:54:40.0415 4352  AFD - ok
17:54:40.0415 4352  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:54:40.0430 4352  agp440 - ok
17:54:40.0430 4352  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:54:40.0446 4352  ALG - ok
17:54:40.0446 4352  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:54:40.0461 4352  aliide - ok
17:54:40.0461 4352  [ E6CE56BE2C8BFF7464554629829A1271 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:54:40.0493 4352  AMD External Events Utility - ok
17:54:40.0508 4352  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:54:40.0508 4352  amdide - ok
17:54:40.0508 4352  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:54:40.0524 4352  AmdK8 - ok
17:54:40.0649 4352  [ E3CC08F03C55A284FBFD79071822DF43 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:54:40.0758 4352  amdkmdag - ok
17:54:40.0773 4352  [ F8976E22AFD861CF67B6E2D3B4995CDB ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:54:40.0789 4352  amdkmdap - ok
17:54:40.0789 4352  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:54:40.0805 4352  AmdPPM - ok
17:54:40.0805 4352  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:54:40.0820 4352  amdsata - ok
17:54:40.0820 4352  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:54:40.0836 4352  amdsbs - ok
17:54:40.0836 4352  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:54:40.0836 4352  amdxata - ok
17:54:40.0836 4352  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:54:40.0898 4352  AppID - ok
17:54:40.0914 4352  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:54:40.0929 4352  AppIDSvc - ok
17:54:40.0945 4352  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:54:40.0961 4352  Appinfo - ok
17:54:40.0976 4352  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:54:40.0992 4352  AppMgmt - ok
17:54:40.0992 4352  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:54:40.0992 4352  arc - ok
17:54:41.0007 4352  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:54:41.0007 4352  arcsas - ok
17:54:41.0007 4352  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:54:41.0039 4352  AsyncMac - ok
17:54:41.0039 4352  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:54:41.0054 4352  atapi - ok
17:54:41.0054 4352  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
17:54:41.0054 4352  AthBTPort - ok
17:54:41.0070 4352  [ 67B8BD46E8626C348688930244761DAB ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
17:54:41.0070 4352  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
17:54:41.0070 4352  Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
17:54:41.0085 4352  [ 8430ED17CEF0D7878B25776E02508957 ] AtherosSvc      C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
17:54:41.0085 4352  AtherosSvc - ok
17:54:41.0117 4352  [ 782D36BAD8DDBF008D02E055DBE70F82 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:54:41.0148 4352  athr - ok
17:54:41.0163 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:54:41.0195 4352  AudioEndpointBuilder - ok
17:54:41.0210 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:54:41.0241 4352  AudioSrv - ok
17:54:41.0241 4352  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:54:41.0257 4352  AxInstSV - ok
17:54:41.0273 4352  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:54:41.0288 4352  b06bdrv - ok
17:54:41.0288 4352  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:54:41.0304 4352  b57nd60a - ok
17:54:41.0304 4352  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:54:41.0319 4352  BDESVC - ok
17:54:41.0319 4352  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:54:41.0351 4352  Beep - ok
17:54:41.0366 4352  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:54:41.0397 4352  BFE - ok
17:54:41.0413 4352  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:54:41.0444 4352  BITS - ok
17:54:41.0444 4352  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:54:41.0460 4352  blbdrive - ok
17:54:41.0460 4352  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:54:41.0475 4352  bowser - ok
17:54:41.0475 4352  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:54:41.0491 4352  BrFiltLo - ok
17:54:41.0491 4352  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:54:41.0507 4352  BrFiltUp - ok
17:54:41.0507 4352  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:54:41.0522 4352  Browser - ok
17:54:41.0522 4352  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:54:41.0538 4352  Brserid - ok
17:54:41.0538 4352  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:54:41.0553 4352  BrSerWdm - ok
17:54:41.0553 4352  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:54:41.0569 4352  BrUsbMdm - ok
17:54:41.0569 4352  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:54:41.0585 4352  BrUsbSer - ok
17:54:41.0585 4352  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
17:54:41.0600 4352  BTATH_A2DP - ok
17:54:41.0600 4352  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
17:54:41.0600 4352  BTATH_BUS - ok
17:54:41.0616 4352  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:54:41.0616 4352  BTATH_HCRP - ok
17:54:41.0616 4352  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:54:41.0631 4352  BTATH_LWFLT - ok
17:54:41.0631 4352  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
17:54:41.0631 4352  BTATH_RCP - ok
17:54:41.0647 4352  [ 486720DA2B3BB13D1080C83140C18B56 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
17:54:41.0663 4352  BtFilter - ok
17:54:41.0663 4352  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:54:41.0663 4352  BthEnum - ok
17:54:41.0678 4352  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:54:41.0678 4352  BTHMODEM - ok
17:54:41.0694 4352  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:54:41.0709 4352  BthPan - ok
17:54:41.0709 4352  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:54:41.0725 4352  BTHPORT - ok
17:54:41.0725 4352  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:54:41.0756 4352  bthserv - ok
17:54:41.0756 4352  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:54:41.0772 4352  BTHUSB - ok
17:54:41.0772 4352  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:54:41.0803 4352  cdfs - ok
17:54:41.0819 4352  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:54:41.0819 4352  cdrom - ok
17:54:41.0819 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:54:41.0850 4352  CertPropSvc - ok
17:54:41.0850 4352  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:54:41.0865 4352  circlass - ok
17:54:41.0897 4352  [ ED81E81752CA817AFA740C14AD05BC6C ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
17:54:41.0912 4352  cjpcsc - ok
17:54:41.0912 4352  [ 06E1F5228399FC49A8D026DA38DB6784 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
17:54:41.0912 4352  cjusb - ok
17:54:41.0928 4352  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:54:41.0943 4352  CLFS - ok
17:54:41.0943 4352  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:54:41.0959 4352  clr_optimization_v2.0.50727_32 - ok
17:54:41.0959 4352  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:54:41.0975 4352  clr_optimization_v2.0.50727_64 - ok
17:54:41.0975 4352  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:54:41.0990 4352  clr_optimization_v4.0.30319_32 - ok
17:54:42.0006 4352  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:54:42.0006 4352  clr_optimization_v4.0.30319_64 - ok
17:54:42.0006 4352  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:54:42.0021 4352  CmBatt - ok
17:54:42.0021 4352  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:54:42.0037 4352  cmdide - ok
17:54:42.0037 4352  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:54:42.0053 4352  CNG - ok
17:54:42.0068 4352  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:54:42.0068 4352  Compbatt - ok
17:54:42.0068 4352  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:54:42.0084 4352  CompositeBus - ok
17:54:42.0084 4352  COMSysApp - ok
17:54:42.0099 4352  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:54:42.0099 4352  crcdisk - ok
17:54:42.0115 4352  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:54:42.0115 4352  CryptSvc - ok
17:54:42.0131 4352  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
17:54:42.0146 4352  CSC - ok
17:54:42.0146 4352  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:54:42.0162 4352  CscService - ok
17:54:42.0177 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:54:42.0209 4352  DcomLaunch - ok
17:54:42.0224 4352  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:54:42.0255 4352  defragsvc - ok
17:54:42.0255 4352  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:54:42.0287 4352  DfsC - ok
17:54:42.0287 4352  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:54:42.0318 4352  Dhcp - ok
17:54:42.0318 4352  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:54:42.0349 4352  discache - ok
17:54:42.0349 4352  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:54:42.0365 4352  Disk - ok
17:54:42.0365 4352  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
17:54:42.0380 4352  dmvsc - ok
17:54:42.0380 4352  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:54:42.0396 4352  Dnscache - ok
17:54:42.0396 4352  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:54:42.0427 4352  dot3svc - ok
17:54:42.0427 4352  [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
17:54:42.0443 4352  DpHost - ok
17:54:42.0458 4352  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:54:42.0474 4352  DPS - ok
17:54:42.0489 4352  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:54:42.0489 4352  drmkaud - ok
17:54:42.0505 4352  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:54:42.0521 4352  DXGKrnl - ok
17:54:42.0536 4352  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:54:42.0567 4352  EapHost - ok
17:54:42.0599 4352  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:54:42.0645 4352  ebdrv - ok
17:54:42.0645 4352  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:54:42.0645 4352  EFS - ok
17:54:42.0661 4352  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:54:42.0692 4352  ehRecvr - ok
17:54:42.0692 4352  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:54:42.0692 4352  ehSched - ok
17:54:42.0708 4352  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:54:42.0723 4352  elxstor - ok
17:54:42.0723 4352  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:54:42.0739 4352  ErrDev - ok
17:54:42.0755 4352  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:54:42.0786 4352  EventSystem - ok
17:54:42.0786 4352  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:54:42.0817 4352  exfat - ok
17:54:42.0817 4352  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:54:42.0848 4352  fastfat - ok
17:54:42.0864 4352  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:54:42.0879 4352  Fax - ok
17:54:42.0879 4352  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:54:42.0895 4352  fdc - ok
17:54:42.0895 4352  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:54:42.0926 4352  fdPHost - ok
17:54:42.0926 4352  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:54:42.0957 4352  FDResPub - ok
17:54:42.0957 4352  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:54:42.0957 4352  FileInfo - ok
17:54:42.0973 4352  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:54:42.0989 4352  Filetrace - ok
17:54:43.0004 4352  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:54:43.0004 4352  flpydisk - ok
17:54:43.0020 4352  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:54:43.0020 4352  FltMgr - ok
17:54:43.0035 4352  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:54:43.0067 4352  FontCache - ok
17:54:43.0067 4352  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:54:43.0067 4352  FontCache3.0.0.0 - ok
17:54:43.0082 4352  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:54:43.0082 4352  FsDepends - ok
17:54:43.0082 4352  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:54:43.0098 4352  Fs_Rec - ok
17:54:43.0098 4352  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:54:43.0113 4352  fvevol - ok
17:54:43.0113 4352  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:54:43.0129 4352  gagp30kx - ok
17:54:43.0145 4352  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:54:43.0176 4352  gpsvc - ok
17:54:43.0176 4352  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:54:43.0176 4352  gupdate - ok
17:54:43.0191 4352  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:54:43.0191 4352  gupdatem - ok
17:54:43.0191 4352  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:54:43.0207 4352  hcw85cir - ok
17:54:43.0207 4352  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:54:43.0223 4352  HdAudAddService - ok
17:54:43.0238 4352  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:54:43.0254 4352  HDAudBus - ok
17:54:43.0254 4352  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:54:43.0254 4352  HidBatt - ok
17:54:43.0269 4352  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:54:43.0269 4352  HidBth - ok
17:54:43.0285 4352  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:54:43.0285 4352  HidIr - ok
17:54:43.0301 4352  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:54:43.0316 4352  hidserv - ok
17:54:43.0332 4352  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:54:43.0332 4352  HidUsb - ok
17:54:43.0347 4352  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:54:43.0363 4352  hkmsvc - ok
17:54:43.0379 4352  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:54:43.0379 4352  HomeGroupListener - ok
17:54:43.0394 4352  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:54:43.0410 4352  HomeGroupProvider - ok
17:54:43.0410 4352  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:54:43.0410 4352  HpSAMD - ok
17:54:43.0425 4352  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:54:43.0457 4352  HTTP - ok
17:54:43.0472 4352  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:54:43.0472 4352  hwpolicy - ok
17:54:43.0472 4352  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:54:43.0488 4352  i8042prt - ok
17:54:43.0488 4352  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:54:43.0503 4352  iaStor - ok
17:54:43.0503 4352  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:54:43.0519 4352  IAStorDataMgrSvc - ok
17:54:43.0519 4352  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:54:43.0535 4352  iaStorV - ok
17:54:43.0550 4352  [ 27E402C11C323A44C080CBD31182830A ] IB Updater Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
17:54:43.0550 4352  IB Updater Updater - ok
17:54:43.0566 4352  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:54:43.0581 4352  idsvc - ok
17:54:43.0581 4352  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:54:43.0597 4352  iirsp - ok
17:54:43.0613 4352  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:54:43.0644 4352  IKEEXT - ok
17:54:43.0644 4352  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:54:43.0659 4352  IntcDAud - ok
17:54:43.0659 4352  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:54:43.0675 4352  intelide - ok
17:54:43.0815 4352  [ 174BCAC474DE13B2650E444CF124828E ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
17:54:43.0956 4352  intelkmd - ok
17:54:43.0971 4352  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:54:43.0971 4352  intelppm - ok
17:54:43.0987 4352  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:54:44.0003 4352  IPBusEnum - ok
17:54:44.0018 4352  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:54:44.0034 4352  IpFilterDriver - ok
17:54:44.0049 4352  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:54:44.0081 4352  iphlpsvc - ok
17:54:44.0081 4352  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:54:44.0096 4352  IPMIDRV - ok
17:54:44.0096 4352  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:54:44.0127 4352  IPNAT - ok
17:54:44.0127 4352  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:54:44.0143 4352  IRENUM - ok
17:54:44.0143 4352  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:54:44.0159 4352  isapnp - ok
17:54:44.0159 4352  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:54:44.0174 4352  iScsiPrt - ok
17:54:44.0174 4352  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:54:44.0174 4352  kbdclass - ok
17:54:44.0190 4352  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:54:44.0190 4352  kbdhid - ok
17:54:44.0190 4352  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:54:44.0205 4352  KeyIso - ok
17:54:44.0205 4352  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:54:44.0221 4352  KSecDD - ok
17:54:44.0221 4352  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:54:44.0237 4352  KSecPkg - ok
17:54:44.0237 4352  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:54:44.0268 4352  ksthunk - ok
17:54:44.0268 4352  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:54:44.0299 4352  KtmRm - ok
17:54:44.0315 4352  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:54:44.0330 4352  LanmanServer - ok
17:54:44.0346 4352  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:54:44.0377 4352  LanmanWorkstation - ok
17:54:44.0377 4352  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:54:44.0408 4352  lltdio - ok
17:54:44.0408 4352  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:54:44.0439 4352  lltdsvc - ok
17:54:44.0439 4352  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:54:44.0471 4352  lmhosts - ok
17:54:44.0471 4352  [ 0803906D607A9B83184447B75B60ECC2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:54:44.0486 4352  LMS - ok
17:54:44.0486 4352  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:54:44.0502 4352  LSI_FC - ok
17:54:44.0502 4352  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:54:44.0517 4352  LSI_SAS - ok
17:54:44.0517 4352  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:54:44.0517 4352  LSI_SAS2 - ok
17:54:44.0533 4352  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:54:44.0533 4352  LSI_SCSI - ok
17:54:44.0533 4352  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:54:44.0564 4352  luafv - ok
17:54:44.0580 4352  [ B8EAC4507EB4655377B1E094FCE7F12E ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
17:54:44.0580 4352  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:54:44.0580 4352  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:54:44.0580 4352  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:54:44.0595 4352  Mcx2Svc - ok
17:54:44.0595 4352  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:54:44.0611 4352  megasas - ok
17:54:44.0611 4352  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:54:44.0627 4352  MegaSR - ok
17:54:44.0627 4352  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:54:44.0627 4352  MEIx64 - ok
17:54:44.0642 4352  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:54:44.0658 4352  MMCSS - ok
17:54:44.0673 4352  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:54:44.0689 4352  Modem - ok
17:54:44.0705 4352  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:54:44.0705 4352  monitor - ok
17:54:44.0720 4352  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:54:44.0720 4352  mouclass - ok
17:54:44.0720 4352  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:54:44.0736 4352  mouhid - ok
17:54:44.0736 4352  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:54:44.0751 4352  mountmgr - ok
17:54:44.0751 4352  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:54:44.0767 4352  MozillaMaintenance - ok
17:54:44.0767 4352  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:54:44.0783 4352  MpFilter - ok
17:54:44.0783 4352  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:54:44.0798 4352  mpio - ok
17:54:44.0798 4352  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:54:44.0829 4352  mpsdrv - ok
17:54:44.0829 4352  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:54:44.0876 4352  MpsSvc - ok
17:54:44.0876 4352  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:54:44.0892 4352  MRxDAV - ok
17:54:44.0892 4352  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:54:44.0907 4352  mrxsmb - ok
17:54:44.0907 4352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:54:44.0923 4352  mrxsmb10 - ok
17:54:44.0923 4352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:54:44.0939 4352  mrxsmb20 - ok
17:54:44.0939 4352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:54:44.0954 4352  msahci - ok
17:54:44.0954 4352  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:54:44.0970 4352  msdsm - ok
17:54:44.0970 4352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:54:44.0985 4352  MSDTC - ok
17:54:44.0985 4352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:54:45.0017 4352  Msfs - ok
17:54:45.0017 4352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:54:45.0048 4352  mshidkmdf - ok
17:54:45.0048 4352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:54:45.0048 4352  msisadrv - ok
17:54:45.0063 4352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:54:45.0095 4352  MSiSCSI - ok
17:54:45.0095 4352  msiserver - ok
17:54:45.0095 4352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:54:45.0126 4352  MSKSSRV - ok
17:54:45.0126 4352  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:54:45.0141 4352  MsMpSvc - ok
17:54:45.0141 4352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:54:45.0173 4352  MSPCLOCK - ok
17:54:45.0173 4352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:54:45.0188 4352  MSPQM - ok
17:54:45.0204 4352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:54:45.0219 4352  MsRPC - ok
17:54:45.0219 4352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:54:45.0235 4352  mssmbios - ok
17:54:45.0235 4352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:54:45.0266 4352  MSTEE - ok
17:54:45.0266 4352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:54:45.0266 4352  MTConfig - ok
17:54:45.0282 4352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:54:45.0282 4352  Mup - ok
17:54:45.0297 4352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:54:45.0329 4352  napagent - ok
17:54:45.0329 4352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:54:45.0344 4352  NativeWifiP - ok
17:54:45.0360 4352  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:54:45.0375 4352  NDIS - ok
17:54:45.0391 4352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:54:45.0407 4352  NdisCap - ok
17:54:45.0422 4352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:54:45.0438 4352  NdisTapi - ok
17:54:45.0453 4352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:54:45.0469 4352  Ndisuio - ok
17:54:45.0485 4352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:54:45.0500 4352  NdisWan - ok
17:54:45.0516 4352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:54:45.0531 4352  NDProxy - ok
17:54:45.0547 4352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:54:45.0563 4352  NetBIOS - ok
17:54:45.0578 4352  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:54:45.0609 4352  NetBT - ok
17:54:45.0609 4352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:54:45.0609 4352  Netlogon - ok
17:54:45.0625 4352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:54:45.0656 4352  Netman - ok
17:54:45.0656 4352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:54:45.0687 4352  netprofm - ok
17:54:45.0703 4352  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:54:45.0703 4352  NetTcpPortSharing - ok
17:54:45.0703 4352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:54:45.0719 4352  nfrd960 - ok
17:54:45.0719 4352  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:54:45.0734 4352  NisDrv - ok
17:54:45.0734 4352  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
17:54:45.0750 4352  NisSrv - ok
17:54:45.0750 4352  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:54:45.0781 4352  NlaSvc - ok
17:54:45.0797 4352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:54:45.0812 4352  Npfs - ok
17:54:45.0828 4352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:54:45.0843 4352  nsi - ok
17:54:45.0859 4352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:54:45.0875 4352  nsiproxy - ok
17:54:45.0906 4352  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:54:45.0937 4352  Ntfs - ok
17:54:45.0937 4352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:54:45.0968 4352  Null - ok
17:54:45.0968 4352  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:54:45.0968 4352  nusb3hub - ok
17:54:45.0984 4352  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:54:45.0984 4352  nusb3xhc - ok
17:54:45.0999 4352  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:54:45.0999 4352  nvraid - ok
17:54:46.0015 4352  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:54:46.0015 4352  nvstor - ok
17:54:46.0015 4352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:54:46.0031 4352  nv_agp - ok
17:54:46.0031 4352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:54:46.0046 4352  ohci1394 - ok
17:54:46.0046 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:54:46.0062 4352  p2pimsvc - ok
17:54:46.0077 4352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:54:50.0835 4352  ================ Scan global ===============================
17:54:50.0835 4352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:54:50.0835 4352  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:54:50.0851 4352  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:54:50.0851 4352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:54:50.0851 4352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:54:50.0867 4352  [Global] - ok
17:54:50.0867 4352  ================ Scan MBR ==================================
17:54:50.0867 4352  [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
17:54:50.0882 4352  \Device\Harddisk0\DR0 - ok
17:54:50.0882 4352  ================ Scan VBR ==================================
17:54:50.0882 4352  [ 77E1D1643F5106F1242368AB5C51F450 ] \Device\Harddisk0\DR0\Partition1
17:54:50.0898 4352  \Device\Harddisk0\DR0\Partition1 - ok
17:54:50.0898 4352  [ 6BB0B2A9F6659BFEFCF3F59957F9202F ] \Device\Harddisk0\DR0\Partition2
17:54:50.0898 4352  \Device\Harddisk0\DR0\Partition2 - ok
17:54:50.0898 4352  ============================================================
17:54:50.0898 4352  Scan finished
17:54:50.0898 4352  ============================================================
17:54:50.0898 11080  Detected object count: 2
17:54:50.0898 11080  Actual detected object count: 2
17:54:59.0259 11080  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:59.0259 11080  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:59.0259 11080  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:59.0259 11080  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards

Alt 23.10.2012, 21:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Also unremarkable.
Any problems or questions still open?

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Alt 24.10.2012, 21:13   #15
dr_baer
 

Malware log file
Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander Bär :: ALEXPC2 [Administrator]

Schutz: Aktiviert

24.10.2012 20:31:45
mbam-log-2012-10-24 (20-31-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323194
Laufzeit: 11 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Alexander Bär\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSNT6UQR\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alexander Bär\AppData\Local\Opera\Opera\cache\g_006B\opr00ANY.tmp (PUP.BundleInstaller.SOL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alexander Bär\Downloads\dvd shrink.exe (PUP.BundleInstaller.SOL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

SuperAntiSpyware log file
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/24/2012 at 09:04 PM

Application Version : 5.6.1012

Core Rules Database Version : 9466
Trace Rules Database Version: 7278

Scan type       : Quick Scan
Total Scan Time : 00:02:25

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 800
Memory threats detected   : 0
Registry items scanned    : 60402
Registry threats detected : 28
File items scanned        : 10784
File threats detected     : 281

Adware.Yontoo
	(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32#ThreadingModel
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\Programmable
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib
	(x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID
	(x86) HKCR\YontooIEClient.Layers.1
	(x86) HKCR\YontooIEClient.Layers.1\CLSID
	(x86) HKCR\YontooIEClient.Layers
	(x86) HKCR\YontooIEClient.Layers\CLSID
	(x86) HKCR\YontooIEClient.Layers\CurVer
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS
	(x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR
	C:\PROGRAM FILES (X86)\YONTOO\YONTOOIECLIENT.DLL
	(x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
	(x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ProxyStubClsid32
	(x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib
	(x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib#Version
	(x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
	(x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ProxyStubClsid32
	(x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib
	(x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib#Version

Adware.Tracking Cookie