Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antivir blockt mor.exe (https://www.trojaner-board.de/123366-antivir-blockt-mor-exe.html)

berlinessa 03.09.2012 08:18

Antivir blockt mor.exe
 
Hallo liebes Trojanerboard,

mein Avira Scanner hat beim Surfen auf www.kuhnshop.de die Ausführung von mor.exe geblockt:

Gesperrte Anwendung:
Lokale IP: 0.0.0.0
Lokaler Port: 7621
Remote IP: 127.0.0.1
Remote Port: 12460
Aktionscode: Connect
Pfad der Anwendung: C:\Users\JUDITH~1\AppData\Local\Temp\mor.exe

Zur Vorgeschichte: ich erhielt eine Spammail, die mich aufforderte eine noch nicht beglichene Rechnung von über 5000,- € bei Kuhn Versand zu bezahlen. Ich hab mir über Google die Seite rausgesucht und habe auf der Website auf Impressum geklickt - dann kam der Block.

Daraufhin habe ich einen Scan mit Antivir gemacht, das Programm hat auch was gefunden, hier das Logfile:

Code:

Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Sonntag, 2. September 2012  11:11

Es wird nach 4205569 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : ***
Seriennummer  : 2212046140-ISECE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : CHARMIANATHOME

Versionsinformationen:
BUILD.DAT      : 12.0.0.1128    48679 Bytes  18.07.2012 18:52:00
AVSCAN.EXE    : 12.3.0.33    468472 Bytes  31.07.2012 08:38:36
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  18.06.2012 21:41:47
LUKE.DLL      : 12.3.0.15      68304 Bytes  18.06.2012 21:42:07
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  18.06.2012 21:42:29
AVREG.DLL      : 12.3.0.17    232200 Bytes  18.06.2012 21:42:28
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 11:47:38
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 11:47:48
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 07:20:45
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 12:10:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 18:46:58
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 13:02:04
VBASE006.VDF  : 7.11.34.117    2048 Bytes  29.06.2012 13:02:04
VBASE007.VDF  : 7.11.34.118    2048 Bytes  29.06.2012 13:02:04
VBASE008.VDF  : 7.11.34.119    2048 Bytes  29.06.2012 13:02:04
VBASE009.VDF  : 7.11.34.120    2048 Bytes  29.06.2012 13:02:04
VBASE010.VDF  : 7.11.34.121    2048 Bytes  29.06.2012 13:02:04
VBASE011.VDF  : 7.11.34.122    2048 Bytes  29.06.2012 13:02:04
VBASE012.VDF  : 7.11.34.123    2048 Bytes  29.06.2012 13:02:04
VBASE013.VDF  : 7.11.34.124    2048 Bytes  29.06.2012 13:02:05
VBASE014.VDF  : 7.11.38.18  2554880 Bytes  30.07.2012 19:09:51
VBASE015.VDF  : 7.11.38.70    556032 Bytes  31.07.2012 08:41:29
VBASE016.VDF  : 7.11.38.143  171008 Bytes  02.08.2012 21:34:45
VBASE017.VDF  : 7.11.38.221  178176 Bytes  06.08.2012 08:39:10
VBASE018.VDF  : 7.11.39.37    168448 Bytes  08.08.2012 07:02:28
VBASE019.VDF  : 7.11.39.89    131072 Bytes  09.08.2012 15:30:03
VBASE020.VDF  : 7.11.39.145  142336 Bytes  11.08.2012 19:30:03
VBASE021.VDF  : 7.11.39.207  165888 Bytes  14.08.2012 16:06:37
VBASE022.VDF  : 7.11.40.9    156160 Bytes  16.08.2012 18:37:57
VBASE023.VDF  : 7.11.40.49    133120 Bytes  17.08.2012 20:19:08
VBASE024.VDF  : 7.11.40.95    156160 Bytes  20.08.2012 14:34:43
VBASE025.VDF  : 7.11.40.155  181760 Bytes  22.08.2012 08:34:58
VBASE026.VDF  : 7.11.40.205  203264 Bytes  23.08.2012 13:03:01
VBASE027.VDF  : 7.11.41.29    188416 Bytes  27.08.2012 20:18:40
VBASE028.VDF  : 7.11.41.87    250368 Bytes  30.08.2012 10:36:12
VBASE029.VDF  : 7.11.41.88      2048 Bytes  30.08.2012 10:36:12
VBASE030.VDF  : 7.11.41.89      2048 Bytes  30.08.2012 10:36:12
VBASE031.VDF  : 7.11.41.134  215040 Bytes  02.09.2012 09:10:03
Engineversion  : 8.2.10.150
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 11:17:30
AESCRIPT.DLL  : 8.1.4.46      455034 Bytes  24.08.2012 13:03:05
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 08:19:39
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.06.2012 10:47:55
AERDL.DLL      : 8.1.9.15      639348 Bytes  18.09.2011 11:57:45
AEPACK.DLL    : 8.3.0.32      811382 Bytes  24.08.2012 13:03:05
AEOFFICE.DLL  : 8.1.2.42      201083 Bytes  19.07.2012 14:09:42
AEHEUR.DLL    : 8.1.4.94    5230967 Bytes  30.08.2012 10:36:13
AEHELP.DLL    : 8.1.23.2      258422 Bytes  28.06.2012 13:01:45
AEGEN.DLL      : 8.1.5.36      434549 Bytes  24.08.2012 13:03:01
AEEXP.DLL      : 8.1.0.84      90485 Bytes  30.08.2012 10:36:14
AEEMU.DLL      : 8.1.3.2      393587 Bytes  10.07.2012 11:17:29
AECORE.DLL    : 8.1.27.4      201078 Bytes  07.08.2012 10:39:27
AEBB.DLL      : 8.1.1.0        53618 Bytes  05.01.2011 11:47:51
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.06.2012 21:41:28
AVPREF.DLL    : 12.3.0.15      51920 Bytes  18.06.2012 21:41:47
AVREP.DLL      : 12.3.0.15    179208 Bytes  18.06.2012 21:42:29
AVARKT.DLL    : 12.3.0.15    211408 Bytes  18.06.2012 21:41:36
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  18.06.2012 21:41:38
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  18.06.2012 21:42:15
AVSMTP.DLL    : 12.3.0.32      63992 Bytes  31.07.2012 08:38:36
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.06.2012 21:42:10
RCIMAGE.DLL    : 12.3.0.31    4819704 Bytes  31.07.2012 08:38:35
RCTEXT.DLL    : 12.3.0.31    100088 Bytes  31.07.2012 08:38:35

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 2. September 2012  11:11

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'EXCEL.EXE' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteTray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Evernote.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteClipper.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'PfuSsMon.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'CardLauncher.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SsWiaChecker.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3373' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
  [0] Archivtyp: ZIP
  --> xmltree/armin.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
  --> xmltree/opkat.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
  [0] Archivtyp: ZIP
  --> eel.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CD
  --> nit.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
C:\Users\***\Downloads\avira_internet_security_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5596cc02.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d05e3b7.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f5ab95f.qua' verschoben!


Ende des Suchlaufs: Sonntag, 2. September 2012  15:45
Benötigte Zeit:  4:32:29 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  40655 Verzeichnisse wurden überprüft
893035 Dateien wurden geprüft
      5 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
893030 Dateien ohne Befall
  15720 Archive wurden durchsucht
      1 Warnungen
      3 Hinweise
523997 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

OTL Text
Code:

OTL logfile created on: 02.09.2012 17:15:53 - Run 3
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\***\Documents\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 48,85% Memory free
6,50 Gb Paging File | 4,70 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1139,55 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
 
Computer Name: CHARMIANATHOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
PRC - [2012.08.30 08:54:47 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.08.14 10:42:56 | 011,639,136 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\Evernote.exe
PRC - [2012.08.14 10:42:56 | 000,391,520 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteTray.exe
PRC - [2012.07.31 10:38:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 19:30:24 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.18 23:41:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009.09.30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.30 08:54:47 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.31 09:35:18 | 021,007,360 | ---- | M] () -- C:\Programme\Evernote\Evernote\libcef.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.23 10:34:28 | 000,344,064 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009.10.15 10:02:00 | 000,233,472 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2008.11.12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2008.09.10 14:04:20 | 000,069,632 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
MOD - [2007.06.26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2003.03.26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 08:54:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 10:58:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.01.25 00:57:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.06.18 23:42:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.06.18 23:42:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.18 23:42:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.18 23:42:26 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.18 23:42:26 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.18 23:42:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 03:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2003.04.22 15:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 05 6D 1D 22 7A CD 01  [binary data]
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{6FDFE877-99EB-47A4-9D1A-F876293661E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.04.14 12:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.14 09:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
 
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions
[2011.07.10 11:49:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.17 19:56:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.08 12:32:24 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.23 11:58:17 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.04.26 14:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp
[2011.12.10 09:07:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\trash
[2012.09.01 02:25:13 | 000,002,533 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\diigo--google.xml
[2011.03.08 12:55:45 | 000,002,313 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\downloadhelper-safe-videos.xml
[2011.11.13 10:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.05 10:29:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.22 13:41:16 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.04.13 09:25:38 | 002,935,635 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
[2012.08.25 09:01:35 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.07.12 10:39:49 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.08.12 19:23:51 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.07.02 08:53:52 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.08.30 08:54:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.14 07:33:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.14 07:33:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 07:33:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 07:33:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 07:33:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dragosien Resourcenindikatoren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmeegekipmnabmgkbdbenggnmgnbefm\1.0_0\
CHR - Extension: Diigo Bookmark, Archive, Highlight & Sticky-Note = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\1.6.3.5_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Programme\Yammer\Yammer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABE0942-33AB-42F7-BEA4-3076B88ABFB9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.02 15:52:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.08.15 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.08.06 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\phenomedia
[2012.08.06 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Remake
[2010.06.26 16:16:40 | 016,527,250 | ---- | C] (Palm, Inc.) -- C:\Program Files\PalmDesktop41SP03DEU.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.02 17:04:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job
[2012.09.02 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.02 16:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.02 16:04:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job
[2012.09.02 15:55:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.09.02 13:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 09:43:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.02 09:43:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 07:55:28 | 000,000,929 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2012.08.26 10:37:59 | 001,755,986 | ---- | M] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:55 | 000,627,715 | ---- | M] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:54:54 | 002,163,010 | ---- | M] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:54:08 | 000,471,310 | ---- | M] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:53:38 | 000,668,499 | ---- | M] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.16 12:51:32 | 000,052,433 | ---- | M] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 07:27:56 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.13 21:30:27 | 000,022,873 | ---- | M] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF
[2012.08.07 12:01:04 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.07 12:01:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.07 12:01:04 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.07 12:01:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.06 17:11:08 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.02 15:55:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.26 10:33:09 | 001,755,986 | ---- | C] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:54 | 000,627,715 | ---- | C] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:44:59 | 000,471,310 | ---- | C] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:44:29 | 000,052,433 | ---- | C] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 12:44:02 | 002,163,010 | ---- | C] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:43:38 | 000,668,499 | ---- | C] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.13 21:30:27 | 000,022,873 | ---- | C] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF
[2012.08.06 17:11:04 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk
[2012.01.24 23:25:05 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.04.26 13:49:52 | 000,000,807 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.02.11 12:55:07 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010.12.20 18:21:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.05 10:33:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 11:45:54 | 000,002,264 | ---- | C] () -- C:\Users\***\.powerupdate.user.properties
[2010.08.05 15:30:52 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools
[2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv
[2012.09.02 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.03.20 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google
[2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU
[2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2
[2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer
[2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono
[2012.06.03 12:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 02.09.2012 15:57:53 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\xxx\Documents\Canon\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,08% Memory free
6,50 Gb Paging File | 5,17 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1139,56 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
 
Computer Name: CHARMIANATHOME | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25B67894-2B5A-4B99-9279-3F758C110F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B0400AE-4D10-4779-BAD2-0F9837D0DB2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49108FD2-058C-4787-96F2-D1A9A735655A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{602D20F8-FA9A-46BD-9F3E-70005D271A3A}" = rport=138 | protocol=17 | dir=out | app=system |
"{639C176E-091D-4C71-BE65-8D345D774EB0}" = lport=137 | protocol=17 | dir=in | app=system |
"{66A1ECB7-1460-452E-A6D4-4BD43E6B9016}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D8F2C53-237B-458D-9EE9-B39A1FBE54B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F9D3FE3-0BF0-4269-9B97-8650E43EA656}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{709EE42E-92B8-463B-81EF-C963F715F664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B5AD23B-3DF0-4D32-9BE1-795FF3CDE24A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87A985EA-1461-4838-8D37-CDEE81F34CBC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9900E08E-9A8F-4147-9D0D-1279E307FEFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A76940BE-358A-4434-8EA6-B212FB2C793F}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1AEA28E-AFDD-4BCF-B250-D21AB059739A}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4FFB84E-3FA3-472D-89A8-0AF843DDD934}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE048F70-4845-48CC-9F12-0C0CB29C22B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBDA0035-4950-4776-91A8-DF441957ED37}" = rport=139 | protocol=6 | dir=out | app=system |
"{D01B383F-DF89-4690-B6D8-E0AFA8D27EB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D10F5169-9E25-4CDE-A195-A444F74E70A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D312C754-C405-4457-AD1E-22608F1B190F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D3E100CB-2CED-44AD-865C-F88CCA6374D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E03CD8B9-A17C-40EA-A164-A966E63022BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF573063-0330-4AA3-AF89-5A49D0E023A3}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A9ECE2-15C1-48C5-85BE-620336DD56A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B8FE1A7-2510-46EF-9317-57EE9D4D56DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{109D230B-F242-4367-A5C2-F39DBF64C1D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19758405-2B1D-4E52-AF47-EE3597A257A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D04B79A-067F-42A7-8593-0F93898727EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A53F95E-46F6-436A-ACE8-F41ABAAFB520}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{369BC984-B2ED-4411-9404-08277BBB2405}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{470BABAD-FD1C-4962-9CAD-970526772999}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{483684CB-E2F8-485F-B1ED-90885CE84618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69F925F3-378E-4974-B37E-D57C5D1D6583}" = protocol=6 | dir=out | app=system |
"{6C06E710-2C5D-4C19-A9D6-7A99D722D196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FEAD8CE-A37E-43B8-B0C2-54E6581217E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9050A77C-724B-48C0-822A-AF8E0CF088BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98C24B25-BB6D-4EB1-93AD-808183A41755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A837037B-3EC6-4CB3-AE06-42CBE3EC0FE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6013B50-751E-45E9-B3A9-355307A0A162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9AB03BD-5D48-4887-B708-00F15240EE0E}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{C859F6A5-7C10-4BFC-B30D-1BF1DF417B43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF698427-FA65-40AC-901C-971C7D7ED87E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E19A95B3-63DC-445A-ADEB-487A77ECEEA0}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{E3925394-2FEC-49E8-B111-2D71BAEB6C55}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E40413D9-EB16-48A1-8F7D-297AFF006D69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBE0392C-E82B-47AF-A79A-95CFF7A396F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F02FEB17-36E6-4F4D-989F-00BC65A53BE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9FCC044-B571-4818-B2D7-7A38D8239BF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{078500FA-82F7-4E47-B8A0-7CCB6A8C6CC3}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2402836B-5610-402E-BB83-BCEB1861F0E8}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{6914A0D7-EE07-416A-A947-89B4358AC32E}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A597A3E7-C023-4E68-B96B-719D59278D4A}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{1704B021-0D97-48C1-8117-E98C7C8D01BE}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{2B95394F-DB36-48CD-B104-494370777A77}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4CAD67F1-A22E-43CA-824E-F1C7834324A4}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{7D746085-27C6-4044-AFAA-1AF42BB476EA}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}" = ScanSnap
"{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}" = Gapminder Desktop
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{33288D2D-FDA1-449C-B226-7ABBBA342EEA}" = Dba2Csv
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility
"{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}" = ScanSnap Organizer
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F51CDE0-1391-878A-C593-BD340AD9D0DE}" = TweetDeck
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FF95752-5AD1-4C4A-9785-FAB80E499BB2}_is1" = Wimpomat 2.9
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese
"{8DCD0779-8811-4060-9227-871E2FD48E45}" = CardMinder V4.1
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish
"{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian
"{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch
"{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer
"{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver
"{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation
"{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English
"{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian
"{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
"{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New
"{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish
"{FB400000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Finanzplan in Excel Version 3.2.02" = Finanzplan in Excel Version 3.2.02
"FormatFactory" = FormatFactory 2.60
"Free Studio_is1" = Free Studio version 5.0.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Inkscape" = Inkscape 0.47
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1" = Gapminder Desktop
"Totalcmd" = Total Commander (Remove or Repair)
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"WEB.DE Club SmartFax" = WEB.DE Club SmartFax
"WinGimp-2.0_is1" = GIMP 2.6.11
"Xilisoft iPad Magic" = Xilisoft iPad Magic
"Yammer" = Yammer
"Yoono Desktop_is1" = Yoono Desktop 1.8.16
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9033
 
Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9033
 
Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10031
 
Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10031
 
Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11029
 
Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11029
 
Error - 12.12.2011 10:12:58 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ OSession Events ]
Error - 08.10.2011 09:08:51 | Computer Name = charmianathome | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.07.2012 15:37:28 | Computer Name = charmianathome | Source = BROWSER | ID = 8032
Description =
 
Error - 13.07.2012 03:58:37 | Computer Name = charmianathome | Source = DCOM | ID = 10010
Description =
 
Error - 14.07.2012 03:46:18 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 16.07.2012 18:23:23 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 05.08.2012 14:38:59 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 05.08.2012 14:39:29 | Computer Name = charmianathome | Source = DCOM | ID = 10010
Description =
 
Error - 07.08.2012 05:59:48 | Computer Name = charmianathome | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 09.08.2012 03:58:52 | Computer Name = charmianathome | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 13.08.2012 17:45:28 | Computer Name = charmianathome | Source = Microsoft-Windows-Eventlog | ID = 23
Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=32)
 beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-LanguagePackSetup/Operational"
 erkannt.
 
Error - 31.08.2012 03:10:01 | Computer Name = charmianathome | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

Gmer.txt

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-03 08:43:20
Windows 6.1.7601 Service Pack 1
Running: t3x65s7e.exe; Driver: C:\Users\JUDITH~1\AppData\Local\Temp\kwlcqpob.sys


---- System - GMER 1.0.15 ----

SSDT            91C884F6                                                                                        ZwCreateSection
SSDT            91C884CE                                                                                        ZwCreateSymbolicLinkObject
SSDT            91C884D3                                                                                        ZwLoadDriver
SSDT            91C884C9                                                                                        ZwOpenSection
SSDT            91C88500                                                                                        ZwRequestWaitReplyPort
SSDT            91C884FB                                                                                        ZwSetContextThread
SSDT            91C88505                                                                                        ZwSetSecurityObject
SSDT            91C884D8                                                                                        ZwSetSystemInformation
SSDT            91C8850A                                                                                        ZwSystemDebugControl
SSDT            91C88497                                                                                        ZwTerminateProcess
SSDT            91C88492                                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                        82E453C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82E7ED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82E85EAC 4 Bytes  [F6, 84, C8, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              82E85EB4 4 Bytes  [CE, 84, C8, 91] {INTO ; TEST AL, CL; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                              82E85FC8 4 Bytes  [D3, 84, C8, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                              82E86064 4 Bytes  [C9, 84, C8, 91] {LEAVE ; TEST AL, CL; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82E86208 4 Bytes  [00, 85, C8, 91]
.text          ...                                                                                             
.text          C:\Windows\system32\DRIVERS\atipmdag.sys                                                        section is writeable [0x9223B000, 0x2D293E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                          avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f607f0a8                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f607f0a8 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Bisher gibt es keine Symptome, d.h. der Computer arbeitet einwandfrei.
Ich wäre sehr froh, wenn mir jemand weiterhelfen könnte.

Herzlichen Dank im Voraus und viele Grüße
Judith

cosinus 04.09.2012 20:43

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

berlinessa 05.09.2012 08:53

Hallo Cosinus,
herzlichen Dank für die Antwort.
Was ich in meinem ersten Post vergessen hatte - ich habe auch nach Anweisung Defogger heruntergeladen und dort den Disable Button betätigt - falls das wichtig sein sollte.
Hier kommen nun die gewünschten Logfiles - ich habe gesehen, dass dort auch Softonic auftaucht - hab ich hier im Forum gelernt, dass man das nicht nutzen sollte, werd ich nicht wieder tun...

Logfile Malwarebyte alt (vom Februar 2012)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: CHARMIANATHOME [Administrator]

06.02.2012 22:28:11
mbam-log-2012-02-06 (22-28-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472771
Laufzeit: 1 Stunde(n), 23 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Logfile Malwarebyte aktuell

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: CHARMIANATHOME [Administrator]

04.09.2012 22:47:55
mbam-log-2012-09-04 (22-47-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 577234
Laufzeit: 3 Stunde(n), 39 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset Logfile
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=12c10ae235a54f43bedcd176919a85c0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 07:35:26
# local_time=2012-09-05 09:35:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6735972 6735972 0 0
# compatibility_mode=5893 16776574 100 94 39186116 98453098 0 0
# compatibility_mode=8192 67108863 100 0 410 410 0 0
# scanned=392534
# found=15
# cleaned=0
# scan_time=8618
C:\Program Files\Yontoo\YontooIEClient.dll        a variant of Win32/Adware.Yontoo.A application (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll        a variant of Win32/Adware.Yontoo.B application (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll        a variant of Win32/Adware.Yontoo.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll        a variant of Win32/Adware.Yontoo.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll        a variant of Win32/Adware.Yontoo.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\Temp\Xilisoft FileBulldog.exe        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\Temp\YontooFFClient.xpi        Win32/Adware.Yontoo application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\Temp\YontooIEClient.dll        a variant of Win32/Adware.Yontoo.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\Temp\YontooLayers.crx        Win32/Adware.Yontoo.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\Temp\YontooLayers\background.html        Win32/Adware.Yontoo.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Local\TempDIR\BetterInstaller.exe        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com\content\overlay.js        Win32/Adware.Yontoo application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe        probably a variant of Win32/Adware.DWTYODG application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\SoftonicDownloader42591.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Viele Grüße
Judith

cosinus 05.09.2012 14:26

Code:

C:\Users\***\Downloads\SoftonicDownloader42591.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! :stirn:

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

berlinessa 05.09.2012 15:23

hier die Logfile von AdwCleaner:

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:17:48 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - CHARMIANATHOME
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\***\AppData\Local\TempDir
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\Software\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3476 octets] - [05/09/2012 16:17:48]

########## EOF - C:\AdwCleaner[R1].txt - [3536 octets] ##########


cosinus 05.09.2012 15:36

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

berlinessa 05.09.2012 15:59

hier kommt die AdwCleaner Logdatei:

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:50:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - CHARMIANATHOME
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\Software\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3605 octets] - [05/09/2012 16:17:48]
AdwCleaner[S1].txt - [3901 octets] - [05/09/2012 16:50:30]

########## EOF - C:\AdwCleaner[S1].txt - [3961 octets] ##########


cosinus 06.09.2012 10:18

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

berlinessa 06.09.2012 13:59

zu 1. Windows hat zum Glück immer uneingeschränkt funktioniert
zu 2. im Startmenü ist alles vorhanden, soweit ich sehe

cosinus 06.09.2012 15:32

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


berlinessa 06.09.2012 17:48

hier kommt das Log
Code:

OTL logfile created on: 06.09.2012 17:59:10 - Run 4
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\***\Documents\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,18% Memory free
6,50 Gb Paging File | 5,38 Gb Available in Paging File | 82,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1138,73 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
 
Computer Name: CHARMIANATHOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 17:54:11 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.07.31 10:38:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 19:30:24 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.18 23:41:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009.09.30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.23 10:34:28 | 000,344,064 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009.10.15 10:02:00 | 000,233,472 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2008.11.12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2008.09.10 14:04:20 | 000,069,632 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
MOD - [2007.06.26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2003.03.26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.03 15:40:27 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.30 08:54:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.01.25 00:57:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.06.18 23:42:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.06.18 23:42:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.18 23:42:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.18 23:42:26 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.18 23:42:26 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.18 23:42:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 03:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2003.04.22 15:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 05 6D 1D 22 7A CD 01  [binary data]
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{6FDFE877-99EB-47A4-9D1A-F876293661E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: lazarus@interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: readable@evernote.com:6.3337.321.777
FF - prefs.js..extensions.enabledAddons: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.7.10
FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.1.0.252437
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.04.14 12:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.14 09:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
 
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.05 16:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions
[2011.07.10 11:49:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.17 19:56:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.08 12:32:24 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.23 11:58:17 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.04.26 14:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\trash
[2012.07.12 10:39:49 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\isreaditlater@ideashower.com.xpi
[2011.08.12 19:23:51 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\lazarus@interclue.com.xpi
[2012.07.02 08:53:52 | 000,382,926 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\readable@evernote.com.xpi
[2012.08.30 15:15:12 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.25 23:14:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 13:41:16 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.04.13 09:25:38 | 002,935,635 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
[2012.08.25 09:01:35 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.08.01 09:30:19 | 000,194,632 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.09.01 02:25:13 | 000,002,533 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\searchplugins\diigo--google.xml
[2011.03.08 12:55:45 | 000,002,313 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\searchplugins\downloadhelper-safe-videos.xml
[2011.11.13 10:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.05 10:29:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.08.30 08:54:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.14 07:33:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.14 07:33:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 07:33:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 07:33:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 07:33:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dragosien Resourcenindikatoren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmeegekipmnabmgkbdbenggnmgnbefm\1.0_0\
CHR - Extension: Diigo Bookmark, Archive, Highlight & Sticky-Note = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\1.6.3.5_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Programme\Yammer\Yammer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABE0942-33AB-42F7-BEA4-3076B88ABFB9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: HotSync - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DDEBB37-EF4B-B65D-718F-9FE2382B3287} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.05 07:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.05 07:03:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Documents\Desktop\esetsmartinstaller_enu.exe
[2012.09.05 03:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.05 03:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.03 15:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 14:02:17 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.08.15 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2010.06.26 16:16:40 | 016,527,250 | ---- | C] (Palm, Inc.) -- C:\Program Files\PalmDesktop41SP03DEU.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 18:04:05 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job
[2012.09.06 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 17:54:11 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.09.06 17:36:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 17:36:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 16:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job
[2012.09.06 07:18:18 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 07:18:18 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 07:11:36 | 000,000,929 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2012.09.06 07:10:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 07:10:37 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:13:12 | 000,511,265 | ---- | M] () -- C:\Users\***\Documents\Desktop\adwcleaner.exe
[2012.09.05 07:02:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Documents\Desktop\esetsmartinstaller_enu.exe
[2012.09.05 03:01:41 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.04 22:41:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.03 08:13:46 | 000,302,592 | ---- | M] () -- C:\Users\***\Documents\Desktop\t3x65s7e.exe
[2012.09.02 15:55:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.26 10:37:59 | 001,755,986 | ---- | M] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:55 | 000,627,715 | ---- | M] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:54:54 | 002,163,010 | ---- | M] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:54:08 | 000,471,310 | ---- | M] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:53:38 | 000,668,499 | ---- | M] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.16 12:51:32 | 000,052,433 | ---- | M] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 07:27:56 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.13 21:30:27 | 000,022,873 | ---- | M] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF
 
========== Files Created - No Company Name ==========
 
[2012.09.05 16:13:11 | 000,511,265 | ---- | C] () -- C:\Users\***\Documents\Desktop\adwcleaner.exe
[2012.09.03 08:13:45 | 000,302,592 | ---- | C] () -- C:\Users\***\Documents\Desktop\t3x65s7e.exe
[2012.09.02 15:55:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.26 10:33:09 | 001,755,986 | ---- | C] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:54 | 000,627,715 | ---- | C] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:44:59 | 000,471,310 | ---- | C] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:44:29 | 000,052,433 | ---- | C] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 12:44:02 | 002,163,010 | ---- | C] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:43:38 | 000,668,499 | ---- | C] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.13 21:30:27 | 000,022,873 | ---- | C] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF
[2012.01.24 23:25:05 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.04.26 13:49:52 | 000,000,807 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.02.11 12:55:07 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010.12.20 18:21:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.05 10:33:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 11:45:54 | 000,002,264 | ---- | C] () -- C:\Users\***\.powerupdate.user.properties
[2010.08.05 15:30:52 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools
[2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv
[2012.09.06 07:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.03.20 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google
[2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU
[2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2
[2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer
[2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono
[2012.06.03 12:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.07 12:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.16 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.06.27 14:10:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft
[2010.06.26 11:58:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.19 08:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools
[2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv
[2012.09.06 07:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.03.20 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.06.26 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2011.02.11 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.06.26 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.02.06 23:13:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.05.08 21:07:38 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2010.06.26 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google
[2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU
[2012.09.05 06:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.08 00:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2
[2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer
[2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.08.29 07:20:49 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_2AF17B85DA90EC7D8E5141.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_6C443FAACDF7E52BC0A168.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_6FEFF9B68218417F98F549.exe
[2010.06.26 11:55:09 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}\ARPPRODUCTICON.exe
[2010.06.26 16:19:22 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7DBBC522-F642-4D6C-A03F-22E49EB63437}\ARPPRODUCTICON.exe
[2010.06.26 16:19:22 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7DBBC522-F642-4D6C-A03F-22E49EB63437}\PalmDesktopShortcut.exe
[2011.03.01 09:59:14 | 000,034,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp\content\getPlus_registrar.exe
[2012.02.09 10:05:08 | 048,342,589 | ---- | M] () -- C:\Users\***\AppData\Roaming\Xilisoft\iPad Magic\x-ipad-magic.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >


cosinus 06.09.2012 20:30

Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

berlinessa 06.09.2012 22:56

hier der neue AdwCleaner Log

Code:

# AdwCleaner v2.000 - Datei am 09/06/2012 um 23:54:38 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - CHARMIANATHOME
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3605 octets] - [05/09/2012 16:17:48]
AdwCleaner[S1].txt - [4030 octets] - [05/09/2012 16:50:30]
AdwCleaner[R2].txt - [1062 octets] - [06/09/2012 23:54:38]

########## EOF - C:\AdwCleaner[R2].txt - [1122 octets] ##########


cosinus 07.09.2012 10:58

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL
FF - user.js - File not found
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
:Files
C:\Program Files\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe
C:\Users\***\Downloads\SoftonicDownloader42591.exe
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

berlinessa 07.09.2012 12:08

"all processes killed" klingt gut...
Hier das OTL-Fix-Log:

Code:

All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
File H:\AUTORUN.EXE not found.
========== FILES ==========
File\Folder C:\Program Files\Yontoo not found.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\All Users\Tarma Installer not found.
File\Folder C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com not found.
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe moved successfully.
C:\Users\***\Downloads\SoftonicDownloader42591.exe moved successfully.
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\***\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 776080596 bytes
->Temporary Internet Files folder emptied: 265112673 bytes
->Java cache emptied: 36 bytes
->FireFox cache emptied: 1091528818 bytes
->Google Chrome cache emptied: 9363819 bytes
->Flash cache emptied: 188837 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167149062 bytes
RecycleBin emptied: 5840243106 bytes
 
Total Files Cleaned = 7.772,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09072012_121450

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 09.09.2012 20:34

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

berlinessa 09.09.2012 22:43

hier das Kaspersky Log:

Code:

23:38:25.0558 3268  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:38:25.0946 3268  ============================================================
23:38:25.0946 3268  Current date / time: 2012/09/09 23:38:25.0946
23:38:25.0946 3268  SystemInfo:
23:38:25.0946 3268 
23:38:25.0947 3268  OS Version: 6.1.7601 ServicePack: 1.0
23:38:25.0947 3268  Product type: Workstation
23:38:25.0948 3268  ComputerName: CHARMIANATHOME
23:38:25.0948 3268  UserName: ***
23:38:25.0948 3268  Windows directory: C:\Windows
23:38:25.0948 3268  System windows directory: C:\Windows
23:38:25.0948 3268  Processor architecture: Intel x86
23:38:25.0948 3268  Number of processors: 4
23:38:25.0949 3268  Page size: 0x1000
23:38:25.0949 3268  Boot type: Normal boot
23:38:25.0949 3268  ============================================================
23:38:27.0284 3268  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:38:27.0298 3268  ============================================================
23:38:27.0298 3268  \Device\Harddisk0\DR0:
23:38:27.0298 3268  MBR partitions:
23:38:27.0298 3268  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:38:27.0298 3268  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
23:38:27.0298 3268  ============================================================
23:38:27.0459 3268  C: <-> \Device\Harddisk0\DR0\Partition2
23:38:27.0464 3268  ============================================================
23:38:27.0464 3268  Initialize success
23:38:27.0464 3268  ============================================================
23:40:15.0907 1980  ============================================================
23:40:15.0907 1980  Scan started
23:40:15.0907 1980  Mode: Manual; SigCheck; TDLFS;
23:40:15.0907 1980  ============================================================
23:40:19.0444 1980  ================ Scan system memory ========================
23:40:19.0444 1980  System memory - ok
23:40:19.0444 1980  ================ Scan services =============================
23:40:19.0589 1980  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:40:19.0844 1980  1394ohci - ok
23:40:19.0889 1980  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:40:19.0924 1980  ACPI - ok
23:40:19.0964 1980  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
23:40:20.0054 1980  AcpiPmi - ok
23:40:20.0159 1980  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:40:20.0189 1980  AdobeARMservice - ok
23:40:20.0254 1980  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:40:20.0284 1980  AdobeFlashPlayerUpdateSvc - ok
23:40:20.0324 1980  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
23:40:20.0359 1980  adp94xx - ok
23:40:20.0379 1980  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
23:40:20.0399 1980  adpahci - ok
23:40:20.0419 1980  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
23:40:20.0434 1980  adpu320 - ok
23:40:20.0464 1980  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:40:20.0569 1980  AeLookupSvc - ok
23:40:20.0629 1980  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
23:40:20.0724 1980  AFD - ok
23:40:20.0754 1980  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:40:20.0769 1980  agp440 - ok
23:40:20.0789 1980  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
23:40:20.0809 1980  aic78xx - ok
23:40:20.0894 1980  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
23:40:20.0959 1980  ALG - ok
23:40:20.0979 1980  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:40:20.0994 1980  aliide - ok
23:40:21.0024 1980  [ 446A5644046B7C59C07221742C821A16 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:40:21.0119 1980  AMD External Events Utility - ok
23:40:21.0134 1980  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:40:21.0149 1980  amdagp - ok
23:40:21.0179 1980  [ 211FCE336502911EC03FC15A91344C98 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:40:21.0219 1980  amdide - ok
23:40:21.0239 1980  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
23:40:21.0269 1980  AmdK8 - ok
23:40:21.0504 1980  [ 8B37D7DBF153CF029141C8D82B3F53BA ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
23:40:21.0579 1980  amdkmdag - ok
23:40:21.0609 1980  [ 2A20C0B5CFE4CFF706856A7B1BF14D72 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:40:21.0634 1980  amdkmdap - ok
23:40:21.0664 1980  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:40:21.0689 1980  AmdPPM - ok
23:40:21.0709 1980  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
23:40:21.0714 1980  amdsata - ok
23:40:21.0719 1980  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:40:21.0729 1980  amdsbs - ok
23:40:21.0754 1980  [ E27866684780606BCCE640A57937D88A ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
23:40:21.0759 1980  amdxata - ok
23:40:21.0859 1980  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
23:40:21.0889 1980  AntiVirFirewallService - ok
23:40:21.0939 1980  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
23:40:21.0954 1980  AntiVirMailService - ok
23:40:22.0009 1980  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:40:22.0034 1980  AntiVirSchedulerService - ok
23:40:22.0094 1980  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:40:22.0124 1980  AntiVirService - ok
23:40:22.0179 1980  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
23:40:22.0214 1980  AntiVirWebService - ok
23:40:22.0239 1980  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
23:40:22.0354 1980  AppID - ok
23:40:22.0389 1980  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:40:22.0449 1980  AppIDSvc - ok
23:40:22.0479 1980  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
23:40:22.0519 1980  Appinfo - ok
23:40:22.0574 1980  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:40:22.0594 1980  Apple Mobile Device - ok
23:40:22.0609 1980  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
23:40:22.0624 1980  arc - ok
23:40:22.0629 1980  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:40:22.0639 1980  arcsas - ok
23:40:22.0654 1980  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:40:22.0749 1980  AsyncMac - ok
23:40:22.0789 1980  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
23:40:22.0804 1980  atapi - ok
23:40:22.0849 1980  [ 430449D04B05348879244C9090D405B4 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:40:22.0894 1980  AtiHdmiService - ok
23:40:22.0929 1980  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
23:40:22.0949 1980  AtiPcie - ok
23:40:22.0984 1980  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:40:23.0049 1980  AudioEndpointBuilder - ok
23:40:23.0059 1980  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:40:23.0084 1980  Audiosrv - ok
23:40:23.0125 1980  [ E6263CDD0EF3B98CFA2A251A21D8BE2E ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
23:40:23.0130 1980  avfwim - ok
23:40:23.0180 1980  [ 48929A52C039738C3193581F7FC483A5 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
23:40:23.0215 1980  avfwot - ok
23:40:23.0260 1980  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:40:23.0285 1980  avgntflt - ok
23:40:23.0325 1980  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:40:23.0345 1980  avipbb - ok
23:40:23.0360 1980  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:40:23.0375 1980  avkmgr - ok
23:40:23.0425 1980  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:40:23.0500 1980  AxInstSV - ok
23:40:23.0510 1980  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
23:40:23.0590 1980  b06bdrv - ok
23:40:23.0620 1980  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:40:23.0650 1980  b57nd60x - ok
23:40:23.0700 1980  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:40:23.0810 1980  BDESVC - ok
23:40:23.0835 1980  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:40:23.0875 1980  Beep - ok
23:40:23.0925 1980  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
23:40:23.0970 1980  BFE - ok
23:40:24.0005 1980  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:40:24.0040 1980  BITS - ok
23:40:24.0050 1980  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:40:24.0075 1980  blbdrive - ok
23:40:24.0150 1980  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:40:24.0185 1980  Bonjour Service - ok
23:40:24.0210 1980  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:40:24.0270 1980  bowser - ok
23:40:24.0285 1980  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:40:24.0360 1980  BrFiltLo - ok
23:40:24.0380 1980  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:40:24.0440 1980  BrFiltUp - ok
23:40:24.0475 1980  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
23:40:24.0550 1980  Browser - ok
23:40:24.0565 1980  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:40:24.0635 1980  Brserid - ok
23:40:24.0655 1980  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:40:24.0675 1980  BrSerWdm - ok
23:40:24.0685 1980  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:40:24.0710 1980  BrUsbMdm - ok
23:40:24.0715 1980  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:40:24.0725 1980  BrUsbSer - ok
23:40:24.0775 1980  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
23:40:24.0840 1980  BthEnum - ok
23:40:24.0845 1980  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:40:24.0870 1980  BTHMODEM - ok
23:40:24.0905 1980  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:40:24.0935 1980  BthPan - ok
23:40:24.0970 1980  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
23:40:25.0015 1980  BTHPORT - ok
23:40:25.0030 1980  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
23:40:25.0055 1980  bthserv - ok
23:40:25.0080 1980  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:40:25.0105 1980  BTHUSB - ok
23:40:25.0120 1980  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:40:25.0165 1980  cdfs - ok
23:40:25.0205 1980  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:40:25.0250 1980  cdrom - ok
23:40:25.0290 1980  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
23:40:25.0360 1980  CertPropSvc - ok
23:40:25.0375 1980  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:40:25.0395 1980  circlass - ok
23:40:25.0415 1980  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:40:25.0430 1980  CLFS - ok
23:40:25.0475 1980  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:40:25.0500 1980  clr_optimization_v2.0.50727_32 - ok
23:40:25.0555 1980  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:40:25.0586 1980  clr_optimization_v4.0.30319_32 - ok
23:40:25.0602 1980  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:40:25.0643 1980  CmBatt - ok
23:40:25.0663 1980  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:40:25.0673 1980  cmdide - ok
23:40:25.0713 1980  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
23:40:25.0763 1980  CNG - ok
23:40:25.0778 1980  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:40:25.0788 1980  Compbatt - ok
23:40:25.0818 1980  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:40:25.0838 1980  CompositeBus - ok
23:40:25.0843 1980  COMSysApp - ok
23:40:25.0933 1980  cpuz132 - ok
23:40:25.0938 1980  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
23:40:25.0963 1980  crcdisk - ok
23:40:26.0003 1980  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:40:26.0063 1980  CryptSvc - ok
23:40:26.0148 1980  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:40:26.0198 1980  DcomLaunch - ok
23:40:26.0223 1980  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
23:40:26.0253 1980  defragsvc - ok
23:40:26.0263 1980  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:40:26.0323 1980  DfsC - ok
23:40:26.0353 1980  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:40:26.0388 1980  Dhcp - ok
23:40:26.0403 1980  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:40:26.0428 1980  discache - ok
23:40:26.0433 1980  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:40:26.0443 1980  Disk - ok
23:40:26.0478 1980  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:40:26.0493 1980  Dnscache - ok
23:40:26.0513 1980  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:40:26.0533 1980  dot3svc - ok
23:40:26.0548 1980  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
23:40:26.0593 1980  DPS - ok
23:40:26.0623 1980  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:40:26.0638 1980  drmkaud - ok
23:40:26.0673 1980  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:40:26.0713 1980  DXGKrnl - ok
23:40:26.0758 1980  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
23:40:26.0813 1980  EapHost - ok
23:40:26.0893 1980  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
23:40:27.0013 1980  ebdrv - ok
23:40:27.0033 1980  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
23:40:27.0098 1980  EFS - ok
23:40:27.0153 1980  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:40:27.0233 1980  ehRecvr - ok
23:40:27.0253 1980  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
23:40:27.0308 1980  ehSched - ok
23:40:27.0328 1980  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
23:40:27.0353 1980  elxstor - ok
23:40:27.0378 1980  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:40:27.0418 1980  ErrDev - ok
23:40:27.0448 1980  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
23:40:27.0483 1980  EventSystem - ok
23:40:27.0503 1980  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
23:40:27.0558 1980  exfat - ok
23:40:27.0573 1980  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:40:27.0603 1980  fastfat - ok
23:40:27.0623 1980  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
23:40:27.0654 1980  Fax - ok
23:40:27.0654 1980  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:40:27.0669 1980  fdc - ok
23:40:27.0684 1980  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
23:40:27.0719 1980  fdPHost - ok
23:40:27.0739 1980  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:40:27.0764 1980  FDResPub - ok
23:40:27.0779 1980  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:40:27.0789 1980  FileInfo - ok
23:40:27.0794 1980  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:40:27.0814 1980  Filetrace - ok
23:40:27.0854 1980  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:40:27.0899 1980  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:40:27.0899 1980  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:40:27.0904 1980  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:40:27.0919 1980  flpydisk - ok
23:40:27.0939 1980  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:40:27.0959 1980  FltMgr - ok
23:40:28.0014 1980  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
23:40:28.0115 1980  FontCache - ok
23:40:28.0165 1980  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:40:28.0190 1980  FontCache3.0.0.0 - ok
23:40:28.0195 1980  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:40:28.0210 1980  FsDepends - ok
23:40:28.0245 1980  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:40:28.0260 1980  Fs_Rec - ok
23:40:28.0295 1980  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:40:28.0330 1980  fvevol - ok
23:40:28.0335 1980  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:40:28.0345 1980  gagp30kx - ok
23:40:28.0380 1980  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:40:28.0400 1980  GEARAspiWDM - ok
23:40:28.0455 1980  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
23:40:28.0505 1980  gpsvc - ok
23:40:28.0570 1980  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
23:40:28.0595 1980  gupdate - ok
23:40:28.0605 1980  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:40:28.0620 1980  gupdatem - ok
23:40:28.0625 1980  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:40:28.0675 1980  hcw85cir - ok
23:40:28.0740 1980  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:40:28.0800 1980  HdAudAddService - ok
23:40:28.0825 1980  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:40:28.0855 1980  HDAudBus - ok
23:40:28.0870 1980  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
23:40:28.0900 1980  HidBatt - ok
23:40:28.0905 1980  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:40:28.0930 1980  HidBth - ok
23:40:28.0945 1980  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
23:40:28.0960 1980  HidIr - ok
23:40:28.0975 1980  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
23:40:29.0000 1980  hidserv - ok
23:40:29.0010 1980  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:40:29.0020 1980  HidUsb - ok
23:40:29.0050 1980  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:40:29.0080 1980  hkmsvc - ok
23:40:29.0120 1980  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:40:29.0155 1980  HomeGroupListener - ok
23:40:29.0180 1980  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:40:29.0200 1980  HomeGroupProvider - ok
23:40:29.0220 1980  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:40:29.0240 1980  HpSAMD - ok
23:40:29.0280 1980  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:40:29.0330 1980  HTTP - ok
23:40:29.0350 1980  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:40:29.0360 1980  hwpolicy - ok
23:40:29.0385 1980  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:40:29.0395 1980  i8042prt - ok
23:40:29.0415 1980  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
23:40:29.0430 1980  iaStorV - ok
23:40:29.0505 1980  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:40:29.0525 1980  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:40:29.0525 1980  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:40:29.0595 1980  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:40:29.0650 1980  idsvc - ok
23:40:29.0670 1980  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
23:40:29.0675 1980  iirsp - ok
23:40:29.0695 1980  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:40:29.0725 1980  IKEEXT - ok
23:40:29.0830 1980  [ 97FA95E4F486F37D60AD3744D86F3D7E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:40:29.0930 1980  IntcAzAudAddService - ok
23:40:29.0940 1980  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:40:29.0950 1980  intelide - ok
23:40:29.0970 1980  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:40:29.0995 1980  intelppm - ok
23:40:30.0010 1980  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
23:40:30.0040 1980  IPBusEnum - ok
23:40:30.0055 1980  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:40:30.0090 1980  IpFilterDriver - ok
23:40:30.0105 1980  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:40:30.0130 1980  iphlpsvc - ok
23:40:30.0145 1980  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
23:40:30.0170 1980  IPMIDRV - ok
23:40:30.0190 1980  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
23:40:30.0250 1980  IPNAT - ok
23:40:30.0320 1980  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:40:30.0355 1980  iPod Service - ok
23:40:30.0375 1980  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:40:30.0435 1980  IRENUM - ok
23:40:30.0455 1980  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:40:30.0485 1980  isapnp - ok
23:40:30.0500 1980  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:40:30.0520 1980  iScsiPrt - ok
23:40:30.0540 1980  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:40:30.0555 1980  kbdclass - ok
23:40:30.0580 1980  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:40:30.0630 1980  kbdhid - ok
23:40:30.0640 1980  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:40:30.0665 1980  KeyIso - ok
23:40:30.0695 1980  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:40:30.0710 1980  KSecDD - ok
23:40:30.0725 1980  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
23:40:30.0745 1980  KSecPkg - ok
23:40:30.0770 1980  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
23:40:30.0800 1980  KtmRm - ok
23:40:30.0840 1980  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:40:30.0890 1980  LanmanServer - ok
23:40:30.0900 1980  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:40:30.0935 1980  LanmanWorkstation - ok
23:40:30.0950 1980  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:40:30.0970 1980  lltdio - ok
23:40:31.0000 1980  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
23:40:31.0040 1980  lltdsvc - ok
23:40:31.0060 1980  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
23:40:31.0080 1980  lmhosts - ok
23:40:31.0095 1980  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:40:31.0105 1980  LSI_FC - ok
23:40:31.0120 1980  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
23:40:31.0130 1980  LSI_SAS - ok
23:40:31.0150 1980  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:40:31.0160 1980  LSI_SAS2 - ok
23:40:31.0165 1980  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:40:31.0175 1980  LSI_SCSI - ok
23:40:31.0180 1980  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
23:40:31.0200 1980  luafv - ok
23:40:31.0225 1980  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
23:40:31.0235 1980  Mcx2Svc - ok
23:40:31.0250 1980  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
23:40:31.0260 1980  megasas - ok
23:40:31.0280 1980  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:40:31.0295 1980  MegaSR - ok
23:40:31.0305 1980  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
23:40:31.0355 1980  MMCSS - ok
23:40:31.0400 1980  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
23:40:31.0480 1980  Modem - ok
23:40:31.0490 1980  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
23:40:31.0515 1980  monitor - ok
23:40:31.0545 1980  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
23:40:31.0560 1980  mouclass - ok
23:40:31.0570 1980  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:40:31.0590 1980  mouhid - ok
23:40:31.0625 1980  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:40:31.0655 1980  mountmgr - ok
23:40:31.0735 1980  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:40:31.0755 1980  MozillaMaintenance - ok
23:40:31.0775 1980  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:40:31.0790 1980  mpio - ok
23:40:31.0795 1980  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:40:31.0825 1980  mpsdrv - ok
23:40:31.0860 1980  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:40:31.0920 1980  MpsSvc - ok
23:40:31.0930 1980  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:40:31.0945 1980  MRxDAV - ok
23:40:31.0975 1980  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:40:32.0050 1980  mrxsmb - ok
23:40:32.0090 1980  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:40:32.0126 1980  mrxsmb10 - ok
23:40:32.0146 1980  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:40:32.0181 1980  mrxsmb20 - ok
23:40:32.0191 1980  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:40:32.0226 1980  msahci - ok
23:40:32.0246 1980  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
23:40:32.0261 1980  msdsm - ok
23:40:32.0281 1980  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
23:40:32.0316 1980  MSDTC - ok
23:40:32.0351 1980  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:40:32.0376 1980  Msfs - ok
23:40:32.0391 1980  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
23:40:32.0411 1980  mshidkmdf - ok
23:40:32.0416 1980  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:40:32.0426 1980  msisadrv - ok
23:40:32.0441 1980  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
23:40:32.0476 1980  MSiSCSI - ok
23:40:32.0476 1980  msiserver - ok
23:40:32.0501 1980  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
23:40:32.0531 1980  MSKSSRV - ok
23:40:32.0566 1980  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:40:32.0591 1980  MSPCLOCK - ok
23:40:32.0596 1980  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
23:40:32.0611 1980  MSPQM - ok
23:40:32.0631 1980  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
23:40:32.0641 1980  MsRPC - ok
23:40:32.0661 1980  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:40:32.0666 1980  mssmbios - ok
23:40:32.0681 1980  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
23:40:32.0701 1980  MSTEE - ok
23:40:32.0721 1980  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:40:32.0726 1980  MTConfig - ok
23:40:32.0741 1980  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
23:40:32.0746 1980  Mup - ok
23:40:32.0761 1980  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:40:32.0786 1980  napagent - ok
23:40:32.0811 1980  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
23:40:32.0826 1980  NativeWifiP - ok
23:40:32.0876 1980  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:40:32.0921 1980  NDIS - ok
23:40:32.0936 1980  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
23:40:32.0961 1980  NdisCap - ok
23:40:32.0976 1980  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:40:32.0991 1980  NdisTapi - ok
23:40:33.0031 1980  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
23:40:33.0071 1980  Ndisuio - ok
23:40:33.0106 1980  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
23:40:33.0136 1980  NdisWan - ok
23:40:33.0166 1980  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
23:40:33.0186 1980  NDProxy - ok
23:40:33.0196 1980  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
23:40:33.0216 1980  NetBIOS - ok
23:40:33.0241 1980  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
23:40:33.0276 1980  NetBT - ok
23:40:33.0281 1980  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:40:33.0291 1980  Netlogon - ok
23:40:33.0411 1980  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:40:33.0491 1980  Netman - ok
23:40:33.0511 1980  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:40:33.0536 1980  netprofm - ok
23:40:33.0566 1980  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:40:33.0571 1980  NetTcpPortSharing - ok
23:40:33.0586 1980  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
23:40:33.0596 1980  nfrd960 - ok
23:40:33.0616 1980  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:40:33.0641 1980  NlaSvc - ok
23:40:33.0656 1980  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:40:33.0676 1980  Npfs - ok
23:40:33.0701 1980  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
23:40:33.0726 1980  nsi - ok
23:40:33.0736 1980  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:40:33.0751 1980  nsiproxy - ok
23:40:33.0811 1980  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:40:33.0886 1980  Ntfs - ok
23:40:33.0896 1980  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:40:33.0916 1980  Null - ok
23:40:33.0951 1980  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:40:33.0961 1980  nvraid - ok
23:40:33.0976 1980  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:40:33.0986 1980  nvstor - ok
23:40:34.0001 1980  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:40:34.0011 1980  nv_agp - ok
23:40:34.0096 1980  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:40:34.0126 1980  odserv - ok
23:40:34.0156 1980  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:40:34.0176 1980  ohci1394 - ok
23:40:34.0191 1980  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:40:34.0206 1980  ose - ok
23:40:34.0221 1980  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:40:34.0311 1980  p2pimsvc - ok
23:40:34.0331 1980  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:40:34.0366 1980  p2psvc - ok
23:40:34.0411 1980  [ 803CF09C795290825607505D37819135 ] PalmUSBD        C:\Windows\system32\drivers\PalmUSBD.sys
23:40:34.0456 1980  PalmUSBD - ok
23:40:34.0471 1980  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
23:40:34.0486 1980  Parport - ok
23:40:34.0511 1980  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
23:40:34.0526 1980  partmgr - ok
23:40:34.0551 1980  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:40:34.0566 1980  Parvdm - ok
23:40:34.0581 1980  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:40:34.0606 1980  PcaSvc - ok
23:40:34.0621 1980  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
23:40:34.0641 1980  pci - ok
23:40:34.0681 1980  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:40:34.0696 1980  pciide - ok
23:40:34.0721 1980  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:40:34.0741 1980  pcmcia - ok
23:40:34.0751 1980  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
23:40:34.0761 1980  pcw - ok
23:40:34.0781 1980  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:40:34.0806 1980  PEAUTH - ok
23:40:34.0886 1980  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
23:40:34.0961 1980  pla - ok
23:40:35.0006 1980  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:40:35.0066 1980  PlugPlay - ok
23:40:35.0076 1980  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
23:40:35.0091 1980  PNRPAutoReg - ok
23:40:35.0101 1980  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
23:40:35.0111 1980  PNRPsvc - ok
23:40:35.0131 1980  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
23:40:35.0161 1980  PolicyAgent - ok
23:40:35.0196 1980  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
23:40:35.0226 1980  Power - ok
23:40:35.0256 1980  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:40:35.0321 1980  PptpMiniport - ok
23:40:35.0336 1980  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
23:40:35.0356 1980  Processor - ok
23:40:35.0401 1980  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
23:40:35.0471 1980  ProfSvc - ok
23:40:35.0476 1980  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:40:35.0501 1980  ProtectedStorage - ok
23:40:35.0526 1980  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:40:35.0556 1980  Psched - ok
23:40:35.0596 1980  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:40:35.0626 1980  ql2300 - ok
23:40:35.0631 1980  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:40:35.0641 1980  ql40xx - ok
23:40:35.0671 1980  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
23:40:35.0706 1980  QWAVE - ok
23:40:35.0716 1980  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:40:35.0736 1980  QWAVEdrv - ok
23:40:35.0736 1980  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:40:35.0771 1980  RasAcd - ok
23:40:35.0786 1980  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
23:40:35.0821 1980  RasAgileVpn - ok
23:40:35.0821 1980  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
23:40:35.0853 1980  RasAuto - ok
23:40:35.0853 1980  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
23:40:35.0888 1980  Rasl2tp - ok
23:40:35.0933 1980  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:40:35.0963 1980  RasMan - ok
23:40:35.0983 1980  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:40:36.0013 1980  RasPppoe - ok
23:40:36.0023 1980  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
23:40:36.0053 1980  RasSstp - ok
23:40:36.0068 1980  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:40:36.0098 1980  rdbss - ok
23:40:36.0113 1980  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:40:36.0128 1980  rdpbus - ok
23:40:36.0158 1980  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:40:36.0178 1980  RDPCDD - ok
23:40:36.0193 1980  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:40:36.0213 1980  RDPENCDD - ok
23:40:36.0228 1980  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:40:36.0243 1980  RDPREFMP - ok
23:40:36.0283 1980  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:40:36.0348 1980  RDPWD - ok
23:40:36.0398 1980  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:40:36.0453 1980  rdyboost - ok
23:40:36.0473 1980  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:40:36.0498 1980  RemoteAccess - ok
23:40:36.0518 1980  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:40:36.0538 1980  RemoteRegistry - ok
23:40:36.0578 1980  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:40:36.0618 1980  RFCOMM - ok
23:40:36.0658 1980  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:40:36.0713 1980  RpcEptMapper - ok
23:40:36.0733 1980  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:40:36.0748 1980  RpcLocator - ok
23:40:36.0768 1980  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
23:40:36.0788 1980  RpcSs - ok
23:40:36.0798 1980  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:40:36.0833 1980  rspndr - ok
23:40:36.0868 1980  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
23:40:36.0938 1980  RTL8167 - ok
23:40:36.0968 1980  [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
23:40:37.0003 1980  RTL8192su - ok
23:40:37.0028 1980  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
23:40:37.0038 1980  SamSs - ok
23:40:37.0068 1980  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:40:37.0078 1980  sbp2port - ok
23:40:37.0098 1980  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:40:37.0123 1980  SCardSvr - ok
23:40:37.0128 1980  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:40:37.0148 1980  scfilter - ok
23:40:37.0188 1980  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:40:37.0223 1980  Schedule - ok
23:40:37.0238 1980  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:40:37.0258 1980  SCPolicySvc - ok
23:40:37.0293 1980  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:40:37.0378 1980  SDRSVC - ok
23:40:37.0393 1980  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:40:37.0418 1980  secdrv - ok
23:40:37.0433 1980  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:40:37.0468 1980  seclogon - ok
23:40:37.0488 1980  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:40:37.0543 1980  SENS - ok
23:40:37.0558 1980  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:40:37.0633 1980  SensrSvc - ok
23:40:37.0653 1980  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
23:40:37.0683 1980  Serenum - ok
23:40:37.0698 1980  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:40:37.0718 1980  Serial - ok
23:40:37.0728 1980  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:40:37.0743 1980  sermouse - ok
23:40:37.0788 1980  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:40:37.0818 1980  SessionEnv - ok
23:40:37.0848 1980  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
23:40:37.0893 1980  sffdisk - ok
23:40:37.0923 1980  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:40:37.0968 1980  sffp_mmc - ok
23:40:37.0983 1980  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
23:40:37.0998 1980  sffp_sd - ok
23:40:38.0018 1980  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
23:40:38.0038 1980  sfloppy - ok
23:40:38.0058 1980  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:40:38.0083 1980  SharedAccess - ok
23:40:38.0118 1980  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:40:38.0138 1980  ShellHWDetection - ok
23:40:38.0158 1980  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:40:38.0168 1980  sisagp - ok
23:40:38.0183 1980  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:40:38.0193 1980  SiSRaid2 - ok
23:40:38.0203 1980  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:40:38.0213 1980  SiSRaid4 - ok
23:40:38.0253 1980  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
23:40:38.0283 1980  SkypeUpdate - ok
23:40:38.0303 1980  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:40:38.0328 1980  Smb - ok
23:40:38.0333 1980  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:40:38.0348 1980  SNMPTRAP - ok
23:40:38.0363 1980  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
23:40:38.0373 1980  spldr - ok
23:40:38.0398 1980  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
23:40:38.0453 1980  Spooler - ok
23:40:38.0553 1980  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:40:38.0638 1980  sppsvc - ok
23:40:38.0668 1980  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
23:40:38.0743 1980  sppuinotify - ok
23:40:38.0773 1980  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:40:38.0838 1980  srv - ok
23:40:38.0858 1980  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:40:38.0873 1980  srv2 - ok
23:40:38.0888 1980  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:40:38.0908 1980  srvnet - ok
23:40:38.0928 1980  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:40:38.0958 1980  SSDPSRV - ok
23:40:38.0988 1980  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:40:38.0993 1980  ssmdrv - ok
23:40:39.0003 1980  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:40:39.0023 1980  SstpSvc - ok
23:40:39.0038 1980  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:40:39.0048 1980  stexstor - ok
23:40:39.0083 1980  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:40:39.0103 1980  StiSvc - ok
23:40:39.0128 1980  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:40:39.0133 1980  swenum - ok
23:40:39.0153 1980  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
23:40:39.0178 1980  swprv - ok
23:40:39.0223 1980  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
23:40:39.0273 1980  SysMain - ok
23:40:39.0283 1980  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:40:39.0308 1980  TabletInputService - ok
23:40:39.0343 1980  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:40:39.0363 1980  TapiSrv - ok
23:40:39.0383 1980  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
23:40:39.0418 1980  TBS - ok
23:40:39.0478 1980  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:40:39.0533 1980  Tcpip - ok
23:40:39.0553 1980  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:40:39.0578 1980  TCPIP6 - ok
23:40:39.0583 1980  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:40:39.0603 1980  tcpipreg - ok
23:40:39.0633 1980  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:40:39.0683 1980  TDPIPE - ok
23:40:39.0708 1980  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:40:39.0753 1980  TDTCP - ok
23:40:39.0783 1980  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:40:39.0828 1980  tdx - ok
23:40:39.0838 1980  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:40:39.0848 1980  TermDD - ok
23:40:39.0883 1980  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
23:40:39.0908 1980  TermService - ok
23:40:39.0928 1980  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:40:39.0938 1980  Themes - ok
23:40:39.0954 1980  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
23:40:39.0969 1980  THREADORDER - ok
23:40:40.0005 1980  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:40:40.0025 1980  TrkWks - ok
23:40:40.0080 1980  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:40:40.0150 1980  TrustedInstaller - ok
23:40:40.0170 1980  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:40:40.0210 1980  tssecsrv - ok
23:40:40.0245 1980  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:40:40.0300 1980  TsUsbFlt - ok
23:40:40.0340 1980  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:40:40.0385 1980  tunnel - ok
23:40:40.0405 1980  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:40:40.0410 1980  uagp35 - ok
23:40:40.0435 1980  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:40:40.0455 1980  udfs - ok
23:40:40.0480 1980  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:40:40.0520 1980  UI0Detect - ok
23:40:40.0550 1980  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:40:40.0570 1980  uliagpkx - ok
23:40:40.0590 1980  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
23:40:40.0605 1980  umbus - ok
23:40:40.0625 1980  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:40:40.0640 1980  UmPass - ok
23:40:40.0660 1980  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:40:40.0690 1980  upnphost - ok
23:40:40.0720 1980  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
23:40:40.0740 1980  USBAAPL - ok
23:40:40.0755 1980  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:40:40.0770 1980  usbccgp - ok
23:40:40.0810 1980  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:40:40.0855 1980  usbcir - ok
23:40:40.0865 1980  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
23:40:40.0875 1980  usbehci - ok
23:40:40.0895 1980  [ 19999CA8E83F16D271AFC467B84718D7 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
23:40:40.0905 1980  usbfilter - ok
23:40:40.0950 1980  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:40:40.0980 1980  usbhub - ok
23:40:40.0995 1980  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
23:40:41.0005 1980  usbohci - ok
23:40:41.0015 1980  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:40:41.0025 1980  usbprint - ok
23:40:41.0060 1980  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
23:40:41.0070 1980  usbscan - ok
23:40:41.0080 1980  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:40:41.0135 1980  USBSTOR - ok
23:40:41.0155 1980  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
23:40:41.0180 1980  usbuhci - ok
23:40:41.0210 1980  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
23:40:41.0240 1980  UxSms - ok
23:40:41.0250 1980  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:40:41.0260 1980  VaultSvc - ok
23:40:41.0265 1980  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:40:41.0270 1980  vdrvroot - ok
23:40:41.0300 1980  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
23:40:41.0340 1980  vds - ok
23:40:41.0360 1980  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:40:41.0370 1980  vga - ok
23:40:41.0370 1980  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:40:41.0390 1980  VgaSave - ok
23:40:41.0405 1980  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
23:40:41.0415 1980  vhdmp - ok
23:40:41.0425 1980  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:40:41.0435 1980  viaagp - ok
23:40:41.0445 1980  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
23:40:41.0455 1980  ViaC7 - ok
23:40:41.0470 1980  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:40:41.0480 1980  viaide - ok
23:40:41.0485 1980  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:40:41.0495 1980  volmgr - ok
23:40:41.0510 1980  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:40:41.0525 1980  volmgrx - ok
23:40:41.0555 1980  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:40:41.0590 1980  volsnap - ok
23:40:41.0645 1980  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
23:40:41.0700 1980  vsmraid - ok
23:40:41.0755 1980  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
23:40:41.0820 1980  VSS - ok
23:40:41.0830 1980  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:40:41.0840 1980  vwifibus - ok
23:40:41.0855 1980  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:40:41.0870 1980  vwififlt - ok
23:40:41.0895 1980  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
23:40:41.0935 1980  vwifimp - ok
23:40:41.0960 1980  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
23:40:41.0990 1980  W32Time - ok
23:40:42.0010 1980  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:40:42.0030 1980  WacomPen - ok
23:40:42.0055 1980  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:40:42.0105 1980  WANARP - ok
23:40:42.0110 1980  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:40:42.0135 1980  Wanarpv6 - ok
23:40:42.0165 1980  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:40:42.0250 1980  wbengine - ok
23:40:42.0265 1980  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:40:42.0290 1980  WbioSrvc - ok
23:40:42.0330 1980  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:40:42.0370 1980  wcncsvc - ok
23:40:42.0385 1980  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:40:42.0450 1980  WcsPlugInService - ok
23:40:42.0465 1980  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:40:42.0480 1980  Wd - ok
23:40:42.0495 1980  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:40:42.0515 1980  Wdf01000 - ok
23:40:42.0525 1980  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:40:42.0605 1980  WdiServiceHost - ok
23:40:42.0610 1980  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:40:42.0625 1980  WdiSystemHost - ok
23:40:42.0655 1980  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
23:40:42.0685 1980  WebClient - ok
23:40:42.0715 1980  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:40:42.0735 1980  Wecsvc - ok
23:40:42.0740 1980  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:40:42.0760 1980  wercplsupport - ok
23:40:42.0785 1980  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:40:42.0820 1980  WerSvc - ok
23:40:42.0850 1980  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:40:42.0875 1980  WfpLwf - ok
23:40:42.0885 1980  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:40:42.0895 1980  WIMMount - ok
23:40:42.0940 1980  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
23:40:42.0975 1980  WinDefend - ok
23:40:42.0980 1980  WinHttpAutoProxySvc - ok
23:40:43.0025 1980  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:40:43.0095 1980  Winmgmt - ok
23:40:43.0140 1980  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
23:40:43.0215 1980  WinRM - ok
23:40:43.0255 1980  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:40:43.0270 1980  WinUsb - ok
23:40:43.0300 1980  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:40:43.0335 1980  Wlansvc - ok
23:40:43.0380 1980  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
23:40:43.0460 1980  WmiAcpi - ok
23:40:43.0485 1980  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:40:43.0525 1980  wmiApSrv - ok
23:40:43.0620 1980  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
23:40:43.0735 1980  WMPNetworkSvc - ok
23:40:43.0755 1980  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:40:43.0810 1980  WPCSvc - ok
23:40:43.0845 1980  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:40:43.0890 1980  WPDBusEnum - ok
23:40:43.0900 1980  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:40:43.0940 1980  ws2ifsl - ok
23:40:43.0960 1980  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:40:43.0980 1980  wscsvc - ok
23:40:43.0985 1980  WSearch - ok
23:40:44.0055 1980  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:40:44.0167 1980  wuauserv - ok
23:40:44.0202 1980  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:40:44.0222 1980  WudfPf - ok
23:40:44.0247 1980  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:40:44.0292 1980  WUDFRd - ok
23:40:44.0307 1980  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:40:44.0332 1980  wudfsvc - ok
23:40:44.0352 1980  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:40:44.0372 1980  WwanSvc - ok
23:40:44.0412 1980  ================ Scan global ===============================
23:40:44.0462 1980  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:40:44.0502 1980  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:40:44.0522 1980  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:40:44.0542 1980  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:40:44.0572 1980  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:40:44.0577 1980  [Global] - ok
23:40:44.0577 1980  ================ Scan MBR ==================================
23:40:44.0592 1980  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:40:44.0867 1980  \Device\Harddisk0\DR0 - ok
23:40:44.0867 1980  ================ Scan VBR ==================================
23:40:44.0872 1980  [ 61650723780ABDBE6C5402CADAC946F6 ] \Device\Harddisk0\DR0\Partition1
23:40:44.0872 1980  \Device\Harddisk0\DR0\Partition1 - ok
23:40:44.0882 1980  [ 63110D2C92DA81F1278908A663007E9A ] \Device\Harddisk0\DR0\Partition2
23:40:44.0882 1980  \Device\Harddisk0\DR0\Partition2 - ok
23:40:44.0887 1980  ============================================================
23:40:44.0887 1980  Scan finished
23:40:44.0887 1980  ============================================================
23:40:44.0897 5648  Detected object count: 2
23:40:44.0897 5648  Actual detected object count: 2
23:41:02.0209 5648  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:41:02.0209 5648  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:41:02.0214 5648  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:41:02.0214 5648  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 10.09.2012 16:13

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

berlinessa 13.09.2012 20:50

hier kommt endlich das Combofix Log

Code:

ComboFix 12-09-13.03 - *** 13.09.2012  21:28:53.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2558 [GMT 2:00]
ausgeführt von:: c:\users\***\Documents\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\4.0
c:\users\***\4.0\.tfo4\.freemind\auto.mmfilter
c:\users\***\4.0\.tfo4\.freemind\auto.properties
c:\users\***\4.0\.tfo4\.freemind\log.0
c:\users\***\4.0\.tfo4\.freemind\log.1
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-13 bis 2012-09-13  ))))))))))))))))))))))))))))))
.
.
2012-09-13 19:38 . 2012-09-13 19:38        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-13 19:38 . 2012-09-13 19:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-12 05:24 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 05:24 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 05:24 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 05:24 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 05:24 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 05:24 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-07 10:14 . 2012-09-07 10:14        --------        d-----w-        C:\_OTL
2012-09-05 05:04 . 2012-09-05 05:04        --------        d-----w-        c:\program files\ESET
2012-09-05 01:01 . 2012-09-05 01:01        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-03 13:31 . 2012-09-03 13:31        --------        d-----w-        c:\program files\Common Files\Java
2012-09-03 13:30 . 2012-09-03 13:30        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-08-15 22:14 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-08-15 17:58 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 17:58 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 17:58 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 17:58 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 17:58 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 17:58 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 17:58 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:40 . 2012-05-13 08:35        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-03 13:40 . 2011-05-14 16:39        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 13:30 . 2012-07-15 20:19        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-09-03 13:30 . 2010-07-30 10:08        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-03 11:46 . 2012-02-06 21:13        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-18 21:42 . 2012-06-19 06:05        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-06-18 21:42 . 2012-06-19 06:05        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-18 21:42 . 2012-06-19 06:05        91968        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-06-18 21:42 . 2012-06-19 06:05        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-18 21:42 . 2012-06-19 06:05        112032        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2003-06-11 06:19 . 2010-06-26 14:16        16527250        ----a-w-        c:\program files\PalmDesktop41SP03DEU.exe
2012-09-07 14:16 . 2012-09-07 14:16        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2012-2-18 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-1-24 77824]
In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-1-24 15360]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-1-24 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 13:40]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 10:18]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 10:56]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 10:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-13  21:40:35
ComboFix-quarantined-files.txt  2012-09-13 19:40
.
Vor Suchlauf: 8 Verzeichnis(se), 1.228.433.219.584 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.228.093.394.944 Bytes frei
.
- - End Of File - - 9F828F700AA2090F0B3ABDD7DFDCD098


cosinus 14.09.2012 14:00

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

berlinessa 15.09.2012 09:41

also, GMER ist wirklich zweimal abgestürzt, bzw. der ganze Computer ist abgestürzt, und das nachdem das Ding schon fast zwei Stunden gescannt hatte - deswegen habe ich jetzt nur die beiden anderen Logfiles... Hoffe, das genügt erstmal...

OSAM Log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:11:06 on 14.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\JUDITH~1\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} "iPhone" - ? - C:\Program Files\Xilisoft\iPad Magic\IPhoneExplorer.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} "Add to Evernote" - ? - C:\Program Files\Evernote\Evernote3.5\enbar.dll  (File not found)
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
"Yammer.lnk" - ? - C:\Program Files\Yammer\Yammer.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CardMinder Viewer.lnk" - "PFU LIMITED" - C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"In PDF-Datei mit ScanSnap Organizer konvertieren.lnk" - "PFU LIMITED" - C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe  (Shortcut exists | File exists)
"ScanSnap Manager.lnk" - "PFU LIMITED" - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"KeePass 2 PreLoad" - "Dominik Reichl" - "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ScanSnap WIA Service Checker" - "PFU LIMITED" - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"WEB.DE Fax Monitor" - "WEB.DE GmbH" - C:\Windows\system32\UIWEBMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

das aswMBR Log:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 21:13:26
-----------------------------
21:13:26.901    OS Version: Windows 6.1.7601 Service Pack 1
21:13:26.901    Number of processors: 4 586 0x402
21:13:26.901    ComputerName: CHARMIANATHOME  UserName: ***
21:13:46.167    Initialize success
21:14:27.722    AVAST engine defs: 12091400
21:15:02.245    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
21:15:02.260    Disk 0 Vendor: WDC_WD15 80.0 Size: 1430799MB BusType: 11
21:15:02.276    Disk 0 MBR read successfully
21:15:02.292    Disk 0 MBR scan
21:15:02.307    Disk 0 Windows 7 default MBR code
21:15:02.307    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:15:02.338    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1430697 MB offset 206848
21:15:02.401    Disk 0 scanning sectors +2930274304
21:15:02.572    Disk 0 scanning C:\Windows\system32\drivers
21:15:11.620    Service scanning
21:15:28.671    Modules scanning
21:15:34.646    Disk 0 trace - called modules:
21:15:34.677    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys
21:15:34.693    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e2ac8]
21:15:34.693    3 CLASSPNP.SYS[8bfae59e] -> nt!IofCallDriver -> [0x86499730]
21:15:34.708    5 amdxata.sys[8bb807b6] -> nt!IofCallDriver -> \Device\00000060[0x86495030]
21:15:38.702    AVAST engine scan C:\Windows
21:15:41.947    AVAST engine scan C:\Windows\system32
21:17:59.898    AVAST engine scan C:\Windows\system32\drivers
21:18:11.083    AVAST engine scan C:\Users\***
09:29:28.314    AVAST engine scan C:\ProgramData
09:37:06.708    Scan finished successfully
10:29:44.572    Disk 0 MBR has been saved successfully to "C:\Users\***\Documents\Desktop\MBR.dat"
10:29:44.588    The log file has been saved successfully to "C:\Users\***\Documents\Desktop\aswMBR.txt"


cosinus 15.09.2012 14:26

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

berlinessa 17.09.2012 11:40

das klingt ja hoffnungsvoll... Die beiden Logs, die du haben wolltest, kommen anbei. Bei SUPERAntiSpyware habe ich die Sachen, die es gefunden hat, vom Programm löschen lassen am Schluss, nachdem es mir versichert hatte, dass es die Dinger in Quarantäne verschiebt und nicht sofort ganz löscht. Ich hoffe, das war richtig...

Malwarebytes Log
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: CHARMIANATHOME [Administrator]

16.09.2012 13:09:55
mbam-log-2012-09-16 (13-09-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 531758
Laufzeit: 1 Stunde(n), 34 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware Log
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/17/2012 at 02:41 AM

Application Version : 5.5.1016

Core Rules Database Version : 9236
Trace Rules Database Version: 7048

Scan type      : Complete Scan
Total Scan Time : 02:51:03

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 710
Memory threats detected  : 0
Registry items scanned    : 34778
Registry threats detected : 0
File items scanned        : 314323
File threats detected    : 339

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\judith_egger@doubleclick[1].txt [ /doubleclick ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8NC04QIO.txt [ /c.atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\5PPVB64U.txt [ /atdmt.com ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@msnportal.112.2o7[2].txt [ Cookie:***@msnportal.112.2o7.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\78Z55L2Y.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\XBDBY3AI.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\SLK0TI4S.txt [ Cookie:***@specificclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\69AIV9IG.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHSG3N3K.txt [ Cookie:***@invitemedia.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\5739GQ4L.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@traffictrack[1].txt [ Cookie:***@traffictrack.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@track.webtrekk[2].txt [ Cookie:***@track.webtrekk.net/223128535705246/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@track.webtrekk[1].txt [ Cookie:***@track.webtrekk.net/523478367474333/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@zanox[2].txt [ Cookie:***@zanox.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@mediaplex[2].txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@apmebf[1].txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\6UL06QU9.txt [ Cookie:***@serving-sys.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\M67YY9NO.txt [ Cookie:***@media6degrees.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MB2L8W1.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\judith_egger@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:***@microsoftinternetexplorer.112.2o7.net/ ]
        C:\USERS\***\Cookies\8NC04QIO.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\5PPVB64U.txt [ Cookie:***@atdmt.com/ ]
        .mediaplex.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .bs.serving-sys.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.adform.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.adform.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adform.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.zanox-affiliate.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .traffictrack.de [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .collective-media.net [ C:\USERS\***\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JUDITH_EGGER@2O7[2].TXT [ /2O7 ]
        C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JUDITH_EGGER@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JUDITH_EGGER@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JUDITH_EGGER@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .usenext.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .googleads.g.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .socialmediatoday.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .socialmediatoday.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .socialmediatoday.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .jeetyetmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .paypal.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .unrulymedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mediavideoconverter.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.mediavideoconverter.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mohg.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.flightstats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        adserver.twitpic.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        s04.flagcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        edge.jeetyetmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tacoda.at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .sexologicalbodywork.ch [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .sexologicalbodywork.ch [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .sexologicalbodywork.ch [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        openx.jeetyetmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .wgfinden.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .wgfinden.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .bdsmhandel.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .bdsmhandel.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .bwr-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .bwr-media.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .marriedmansexlife.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .marriedmansexlife.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .acronymfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        track.webstatistik-bw.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        track.webstatistik-bw.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        cpmediaload.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        traffic.brand-wall.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .socialentrepreneurempowerment.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .socialentrepreneurempowerment.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        armundsexy.posterous.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        armundsexy.posterous.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .berlinfolgen.2470media.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .berlinfolgen.2470media.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        berlinfolgen.2470media.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        traffic.brand-wall.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        .entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        www.entrepreneurship.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]


cosinus 17.09.2012 12:20

Code:

UAC On - Limited User
Wie hast du sasw gestartet? Einfach per Doppelklick?

berlinessa 17.09.2012 13:25

ja, einfach per Doppelklick - ich bin nach der Anleitung vorgegangen, da war nichts Spezielles beschrieben zum Starten des Programms...

oh shit - sorry... doch, da steht natürlich schon was für Windows 7 Nutzer zum Starten des Programms... Ich lass es nochmal laufen, diesmal als Administrator und poste dann das Log

hier kommt jetzt also das neue SUPERAntiSpyware Log, diesmal als Administrator ausgeführt:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/17/2012 at 07:05 PM

Application Version : 5.5.1016

Core Rules Database Version : 9238
Trace Rules Database Version: 7050

Scan type      : Complete Scan
Total Scan Time : 03:12:06

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 807
Memory threats detected  : 0
Registry items scanned    : 34895
Registry threats detected : 0
File items scanned        : 316001
File threats detected    : 1

Adware.Tracking Cookie
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\COOKIES.SQLITE ]


cosinus 17.09.2012 19:34

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

berlinessa 17.09.2012 19:52

Hallo Cosinus,

nein, keine weiteren Funde oder Probleme :-) Ganz ganz herzlichen Dank für deine unkomplizierte und kompetente Hilfe! Und vielen Dank auch für die Tipps im Umgang mit Cookies, das werde ich mir mal alles anschauen...
Eine letzte Frage noch - vermutlich sollte ich die ganzen Scanprogramme wieder deinstallieren? Und ich erinnere mich auch, dass ich bei Defogger, den ich ganz am Anfang gemacht habe, irgendwas zurückstellen muss. Gibts dabei noch irgendwas zu beachten?
Ansonsten werde ich euch wärmstens weiter empfehlen und hab auch eine Spende da gelassen...
Ich hoffe, ich brauche euch nicht so bald wieder, aber es ist beruhigend zu wissen, dass es euch gibt :-)
Vieloen Dank nochmal
Berlinessa

cosinus 18.09.2012 14:40

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

berlinessa 18.09.2012 20:06

super - ganz herzlichen Dank nochmal, auch für die Tipps in deinem letzten Post - die werde ich alle mal systematisch durchgehen...
Keep up the good work und bis hoffentlich nicht so bald
Berlinessa


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131