Trojaner-Board


B4rkeeper 16.10.2011 16:49

Facebook virus
 
Hello,

I recently opened the following link from a Facebook message by accident:

[Link removed by cosinus]

Now the wrong pages frequently open in my browser. The ones I select often appear only on the 2nd or 3rd attempt.

Here are my results from system scans:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7957

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

16.10.2011 17:25:00
mbam-log-2011-10-16 (17-24-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 335821
Laufzeit: 2 Stunde(n), 48 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\b4rkeeper\AppData\Roaming\3E293\7B3C2.exe (Backdoor.Bot) -> 2568 -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\945.exe (Backdoor.Bot) -> 2760 -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\93566\lvvm.exe (Backdoor.Bot) -> 2948 -> No action taken.
c:\Users\b4rkeeper\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 2252 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bet365casino (PUP.Casino) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\945.exe (Backdoor.Bot) -> Value: 945.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\945.exe (Backdoor.Bot) -> Value: 945.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\B4rkeeper\AppData\Roaming\93566\lvvm.exe) Good: () -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\b4rkeeper\AppData\Roaming\3E293\7B3C2.exe (Backdoor.Bot) -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\945.exe (Backdoor.Bot) -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\93566\lvvm.exe (Backdoor.Bot) -> No action taken.
c:\program files\internet explorer\C253\945.exe (Backdoor.Bot) -> No action taken.
c:\Tom\Setup\setupcasino_a616b8.exe (PUP.Casino) -> No action taken.
c:\Tom\Setup\u99\u99.exe (Adware.WhenU) -> No action taken.
c:\Casino\casino at bet365\_setupcasino_a616b8.exe (PUP.Casino) -> No action taken.
c:\Users\b4rkeeper\AppData\Local\Temp\7269314.exe (Backdoor.Bot) -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\firefox.exe (Backdoor.Bot) -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\3590.tmp (Trojan.Agent) -> No action taken.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\3928.tmp (Trojan.Agent) -> No action taken.
c:\Users\b4rkeeper\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> No action taken.

OTL Logfile:
Code:

OTL logfile created on: 16.10.2011 17:29:03 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Tom\Setup
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 68,56 Gb Free Space | 46,03% Space Free | Partition Type: NTFS
 
Computer Name: B4RKEEPER-PC | User Name: B4rkeeper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\B4rkeeper\AppData\Roaming\93566\lvvm.exe ()
PRC - C:\Users\B4rkeeper\AppData\Roaming\3E293\7B3C2.exe ()
PRC - C:\Users\B4rkeeper\AppData\Roaming\Microsoft\C253\945.exe ()
PRC - C:\Users\B4rkeeper\M-1-52-5782-8752-5245\winsvc.exe (  )
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Tom\Setup\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
PRC - C:\Windows\System32\lxctcoms.exe ( )
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Tom\Setup\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SearchAnonymizer) -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Tom\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 FA BA D2 15 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59394
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=googlemail&hl=de&from=logout"
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59394
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:21:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 12:17:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.15 19:47:45 | 000,000,000 | ---D | M]
 
[2009.11.22 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Extensions
[2011.10.16 09:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions
[2010.01.20 21:57:42 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.08.28 14:56:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.29 14:41:38 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\firejump@firejump.net
[2011.08.29 14:41:56 | 000,001,127 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\conduit.xml
[2011.03.30 17:46:43 | 000,001,097 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin-1.xml
[2011.03.30 17:46:43 | 000,001,114 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin.xml
[2011.08.29 14:41:56 | 000,005,676 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\webde-suche.xml
[2011.03.30 17:46:43 | 000,002,182 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{04F8EDDA-B68A-4F77-BDB4-83C306882040}.xml
[2011.03.30 17:46:43 | 000,002,071 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{2DB5A5DD-AAA8-49E1-89C8-880F2CA88E9A}.xml
[2011.03.30 17:46:43 | 000,001,864 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{3D4DA242-3393-4F75-A93A-4CFBC56F8A9D}.xml
[2011.06.20 20:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 10:21:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 17:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 23:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.20 20:27:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.10.01 12:17:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\Mozilla Firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.08.29 14:41:56 | 000,001,678 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.08.29 14:41:56 | 000,001,929 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.08.29 14:41:56 | 000,001,265 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.08.29 14:41:56 | 000,007,045 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.08.29 14:41:56 | 000,001,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.08.29 14:41:56 | 000,001,164 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.11 22:58:52 | 000,001,029 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [945.exe] C:\Programme\Internet Explorer\C253\945.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKCU..\Run: [945.exe] C:\Users\B4rkeeper\AppData\Roaming\Microsoft\C253\945.exe ()
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\B4rkeeper\M-1-52-5782-8752-5245\winsvc.exe (  )
O4 - Startup: C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\B4rkeeper\AppData\Roaming\93566\lvvm.exe) - C:\Users\B4rkeeper\AppData\Roaming\93566\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab (Microsoft Common Dialog Control, version 5.0 (SP2))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\B4rkeeper\AppData\Roaming\3E293\7B3C2.exe) - C:\Users\B4rkeeper\AppData\Roaming\3E293\7B3C2.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.16 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.16 14:27:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.16 14:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.16 09:51:29 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2011.10.16 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2011.10.16 09:51:00 | 000,000,000 | RHSD | C] -- C:\Users\B4rkeeper\M-1-52-5782-8752-5245
[2011.10.15 19:47:43 | 000,000,000 | ---D | C] -- C:\Programme\vShare.tv plugin
[2011.10.15 10:41:56 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Avira
[2011.10.15 10:41:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.15 10:41:17 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.15 10:41:17 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.15 10:41:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.15 08:33:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.15 08:33:44 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.15 08:33:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.10.15 08:33:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.15 08:33:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.15 08:33:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.13 22:32:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.13 22:32:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.13 22:32:03 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.13 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.02 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2011.09.25 21:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.25 21:33:31 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.09.25 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.21 19:43:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2010.07.21 19:43:00 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2010.07.21 19:42:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2010.07.21 19:42:59 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2010.07.21 19:42:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2010.07.21 19:42:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2010.07.21 19:42:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2010.07.21 19:42:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2010.07.21 19:42:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2010.07.21 19:42:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2010.07.21 19:42:58 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2010.07.21 19:42:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2010.07.21 19:42:58 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2010.07.21 19:42:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2010.07.21 19:42:58 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2009.12.04 14:49:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\B4rkeeper\AppData\Local\*.tmp files -> C:\Users\B4rkeeper\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.16 17:12:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.16 16:58:03 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000UA.job
[2011.10.16 14:38:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.16 14:38:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.16 14:32:06 | 000,027,715 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2011.10.16 14:31:52 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.16 14:31:35 | 000,000,322 | -HS- | M] () -- C:\Windows\tasks\jgldxm.job
[2011.10.16 14:31:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.16 14:31:14 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.16 09:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.10.16 09:52:31 | 000,175,616 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\firefox.exe
[2011.10.15 10:31:38 | 000,412,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.13 22:33:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.13 22:33:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.13 22:33:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.13 22:33:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.09 18:58:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000Core.job
[2011.10.02 11:18:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.02 11:01:24 | 000,017,408 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\B4rkeeper\AppData\Local\*.tmp files -> C:\Users\B4rkeeper\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.16 09:52:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.10.16 09:52:31 | 000,175,616 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\firefox.exe
[2011.08.13 12:07:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.23 01:37:07 | 000,000,000 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\{30EC4114-8E95-4F31-B24D-203CCFC48796}
[2011.05.26 20:54:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.26 20:51:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.27 14:10:55 | 000,029,151 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.13 23:20:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.21 19:43:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2010.07.21 19:43:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2010.07.21 19:43:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll
[2010.07.21 19:43:00 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2010.07.21 19:42:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2010.05.13 13:24:38 | 000,000,016 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\qvjsge.dat
[2010.03.01 21:31:16 | 000,017,408 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2010.02.28 15:25:26 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2009.12.04 14:50:48 | 000,001,173 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\vso_ts_preview.xml
[2009.12.04 14:49:17 | 000,087,608 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\inst.exe
[2009.12.04 14:49:17 | 000,007,887 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.cat
[2009.12.04 14:49:17 | 000,001,144 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.inf
[2009.12.02 23:22:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 23:22:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.29 15:11:54 | 000,007,605 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\Resmon.ResmonCfg
[2009.11.28 00:40:41 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2009.11.28 00:40:05 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.dat
[2009.11.26 21:20:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.22 18:23:48 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,412,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.08.08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 16.10.2011 17:29:03 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Tom\Setup
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 68,56 Gb Free Space | 46,03% Space Free | Partition Type: NTFS
 
Computer Name: B4RKEEPER-PC | User Name: B4rkeeper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5617 Banner Remover 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{4C796567-1FDC-430F-91EC-FEA7AAA0C251}" = BlackBerry Device Software v6.0.0 für das BlackBerry 9300-Smartphone
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B8F28542-1668-4D61-ACE1-BC32894F5612}" = Badoo Desktop
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"bet365poker" = Poker at bet365
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"Lexmark 5400 Series" = Lexmark 5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 11.50.1074" = Opera 11.50
"PokerStars.net" = PokerStars.net
"Revo Uninstaller" = Revo Uninstaller 1.92
"SearchAnonymizer" = SearchAnonymizer
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SmartToolsMusterbrief-Assistentv6.00" = SmartTools Publishing • Word Musterbrief-Assistent
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.4
"TeamViewer 4" = TeamViewer 4
"Uninstall_is1" = Uninstall 1.0.0.1
"UP_screensaver_dug" = UP_screensaver_dug
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bet365casino" = Casino at bet365
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Many thanks for your help!

cosinus 16.10.2011 17:40

Quote:

-> No action taken.
The detections must be removed with Malwarebytes! Please do that now if you haven't already!

B4rkeeper 16.10.2011 17:45

I have now removed everything under "Quarantine -> Delete all"!

I hope the problem is now solved! Many thanks!

cosinus 16.10.2011 17:46

Please post the log for that.

B4rkeeper 16.10.2011 19:19

Attached is the log!

By the way, the problem is apparently not completely solved yet!

For example, I can no longer use my Dropbox, and reinstalling it doesn't work either!

Thanks!

cosinus 16.10.2011 20:00

That's not actually the log I wanted to see. Have the Malwarebytes detections mentioned above really been removed?

B4rkeeper 22.10.2011 18:13

Hello again,

here is the requested log!

The detections should now all be deleted, too!?


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7994

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.10.2011 19:06:43
mbam-log-2011-10-22 (19-06-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 335300
Laufzeit: 1 Stunde(n), 57 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 27

Infizierte Speicherprozesse:
c:\Users\b4rkeeper\AppData\Roaming\3E293\7B3C2.exe (Backdoor.Bot) -> 2832 -> Unloaded process successfully.
c:\Users\b4rkeeper\AppData\Roaming\93566\lvvm.exe (Backdoor.Bot) -> 3096 -> Unloaded process successfully.
c:\Users\b4rkeeper\m-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> 4048 -> Unloaded process successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\945.exe (Backdoor.CycBot.Gen) -> 2984 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bet365casino (PUP.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Backdoor.IRCBot) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\945.exe (Backdoor.Bot) -> Value: 945.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\945.exe (Backdoor.CycBot.Gen) -> Value: 945.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\B4rkeeper\AppData\Roaming\93566\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\b4rkeeper\AppData\Roaming\3E293\7B3C2.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\93566\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\m-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files\internet explorer\C253\945.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Tom\Setup\setupcasino_a616b8.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\casino at bet365\_setupcasino_a616b8.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\BOO3NFGY\tt[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XQF4D0UN\g[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\23687.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\25412.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\32606.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\5170668.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\63048.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\6939055.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\70615.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\7269314.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\7557561.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\83387.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\8351612.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Local\Temp\88257.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\firefox.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\3590.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\3928.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\9DF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\EFFA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\F0F2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\b4rkeeper\AppData\Roaming\microsoft\C253\945.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.


Thanks!

cosinus 22.10.2011 18:13

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the terms of use, and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


B4rkeeper 27.10.2011 22:24

Many thanks!

Here is the log:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36ac9126f324c2469e45ef9164b4a650
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 09:20:49
# local_time=2011-10-27 11:20:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1068382 1068382 0 0
# compatibility_mode=5893 16776638 100 94 13226744 71367645 0 0
# compatibility_mode=8192 67108863 100 0 185 185 0 0
# scanned=191666
# found=11
# cleaned=0
# scan_time=14016
C:\Tom\Setup\Everest Pokernet.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
C:\Tom\Setup\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Tom\Setup\SoftonicDownloader_fuer_oben-up-meet-dug-screensaver.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Tom\Setup\uusee_2008.exe probably a variant of Win32/Agent.HKUJHEL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Tom\Setup\icq_7.0_build_1211_banner_remover\ICQ 7.0 Build #1211 Banner Remover 1.0 Setup.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Tom\Setup\icq_lite_7.0_build_1509_banner_remover\ICQ Lite 7.0 Build #1509 Banner Remover 1.0 Setup.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\B4rkeeper\AppData\Local\Temp\A285.exe Win32/Cycbot.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\B4rkeeper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b0c76db-3e43449d multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\B4rkeeper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5b66019e-7c38718a a variant of Java/Agent.DP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\B4rkeeper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\768559be-561bfd6a Java/Agent.DR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\B4rkeeper\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-71a8186f Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 28.10.2011 09:58

Please make a new OTL log:

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


B4rkeeper 28.10.2011 17:55

Here you go: OTL logfile:
Code:

OTL logfile created on: 28.10.2011 16:40:22 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Tom\Setup
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 65,42 Gb Free Space | 43,92% Space Free | Partition Type: NTFS
 
Computer Name: B4RKEEPER-PC | User Name: B4rkeeper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Tom\Setup\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
PRC - C:\Windows\System32\lxctcoms.exe ( )
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Tom\Setup\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SearchAnonymizer) -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Tom\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 FA BA D2 15 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=googlemail&hl=de&from=logout"
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58505
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:21:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 12:17:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.15 19:47:45 | 000,000,000 | ---D | M]
 
[2009.11.22 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Extensions
[2011.10.16 09:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions
[2010.01.20 21:57:42 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.08.28 14:56:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.29 14:41:38 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\firejump@firejump.net
[2011.08.29 14:41:56 | 000,001,127 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\conduit.xml
[2011.03.30 17:46:43 | 000,001,097 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin-1.xml
[2011.03.30 17:46:43 | 000,001,114 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin.xml
[2011.08.29 14:41:56 | 000,005,676 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\webde-suche.xml
[2011.03.30 17:46:43 | 000,002,182 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{04F8EDDA-B68A-4F77-BDB4-83C306882040}.xml
[2011.03.30 17:46:43 | 000,002,071 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{2DB5A5DD-AAA8-49E1-89C8-880F2CA88E9A}.xml
[2011.03.30 17:46:43 | 000,001,864 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{3D4DA242-3393-4F75-A93A-4CFBC56F8A9D}.xml
[2011.10.20 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 10:21:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 17:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 23:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.20 20:27:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.20 18:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.10.01 12:17:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\Mozilla Firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.08.29 14:41:56 | 000,001,678 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.08.29 14:41:56 | 000,001,929 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.08.29 14:41:56 | 000,001,265 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.08.29 14:41:56 | 000,007,045 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.08.29 14:41:56 | 000,001,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.08.29 14:41:56 | 000,001,164 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.11 22:58:52 | 000,001,029 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - Startup: C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab (Microsoft Common Dialog Control, version 5.0 (SP2))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^B4rkeeper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\B4RKEE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: dradio-RecorderTimer - hkey= - key= - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Lexmark 5400 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
MsConfig - StartUpReg: lxctmon.exe - hkey= - key= - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll ()
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.27 19:24:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.10.23 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.10.20 18:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.10.16 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.16 14:27:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.16 14:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.16 09:51:29 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2011.10.16 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2011.10.16 09:51:00 | 000,000,000 | RHSD | C] -- C:\Users\B4rkeeper\M-1-52-5782-8752-5245
[2011.10.15 19:47:43 | 000,000,000 | ---D | C] -- C:\Programme\vShare.tv plugin
[2011.10.15 10:41:56 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Avira
[2011.10.15 10:41:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.15 10:41:17 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.15 10:41:17 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.15 10:41:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.13 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.02 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2010.07.21 19:43:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2010.07.21 19:43:00 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2010.07.21 19:42:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2010.07.21 19:42:59 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2010.07.21 19:42:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2010.07.21 19:42:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2010.07.21 19:42:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2010.07.21 19:42:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2010.07.21 19:42:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2010.07.21 19:42:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2010.07.21 19:42:58 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2010.07.21 19:42:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2010.07.21 19:42:58 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2010.07.21 19:42:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2010.07.21 19:42:58 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2009.12.04 14:49:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.28 16:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc928cfc1be8d0.job
[2011.10.28 16:38:47 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 16:38:47 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 16:31:36 | 000,027,715 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2011.10.28 16:31:30 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.28 16:31:28 | 000,000,322 | -HS- | M] () -- C:\Windows\tasks\jgldxm.job
[2011.10.28 16:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.28 16:31:09 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.27 23:03:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000UA.job
[2011.10.23 15:19:02 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.23 15:19:02 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.23 15:19:02 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.23 15:19:02 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.23 15:14:28 | 200,735,650 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.23 15:03:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000Core.job
[2011.10.18 19:51:01 | 000,027,715 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.dat
[2011.10.16 09:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.10.15 10:31:38 | 000,412,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.02 11:01:24 | 000,017,408 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.24 22:39:10 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc928cfc1be8d0.job
[2011.10.23 15:08:26 | 200,735,650 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.16 09:52:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.08.13 12:07:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.23 01:37:07 | 000,000,000 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\{30EC4114-8E95-4F31-B24D-203CCFC48796}
[2011.05.26 20:54:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.26 20:51:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.27 14:10:55 | 000,029,151 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.13 23:20:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.21 19:43:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2010.07.21 19:43:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2010.07.21 19:43:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll
[2010.07.21 19:43:00 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2010.07.21 19:42:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2010.05.13 13:24:38 | 000,000,016 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\qvjsge.dat
[2010.03.01 21:31:16 | 000,017,408 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2010.02.28 15:25:26 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2009.12.04 14:50:48 | 000,001,173 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\vso_ts_preview.xml
[2009.12.04 14:49:17 | 000,087,608 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\inst.exe
[2009.12.04 14:49:17 | 000,007,887 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.cat
[2009.12.04 14:49:17 | 000,001,144 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.inf
[2009.12.02 23:22:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 23:22:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.29 15:11:54 | 000,007,605 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\Resmon.ResmonCfg
[2009.11.28 00:40:41 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2009.11.28 00:40:05 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.dat
[2009.11.26 21:20:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.22 18:23:48 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,412,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.08.08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
 
========== LOP Check ==========
 
[2011.10.19 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2010.08.09 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\5400 Series
[2011.10.22 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2010.05.06 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\addwebcontent
[2009.12.03 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Ashampoo
[2011.08.06 15:28:01 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Babylon
[2010.12.13 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware
[2011.08.01 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DAEMON Tools Lite
[2011.08.29 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon
[2011.10.28 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox
[2011.01.27 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.20 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GetRightToGo
[2011.08.01 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\go
[2009.12.02 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GrabPro
[2011.06.03 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\gtk-2.0
[2011.10.13 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\ICQ
[2011.03.30 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\OCS
[2011.08.06 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape
[2010.08.07 13:41:24 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Opera
[2009.12.02 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Orbit
[2011.04.03 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\phonostar GmbH
[2010.12.05 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Research In Motion
[2011.04.13 18:20:03 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\SmartTools
[2009.11.26 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\TeamViewer
[2010.03.23 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Vso
[2011.10.16 09:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.10.28 16:31:28 | 000,000,322 | -HS- | M] () -- C:\Windows\Tasks\jgldxm.job
[2011.10.23 15:11:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.19 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2010.08.09 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\5400 Series
[2011.10.22 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2010.05.06 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\addwebcontent
[2011.03.26 22:23:19 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Adobe
[2010.06.20 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Apple Computer
[2009.12.03 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Ashampoo
[2011.10.15 10:41:56 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Avira
[2011.08.06 15:28:01 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Babylon
[2010.12.13 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware
[2011.08.01 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DAEMON Tools Lite
[2011.08.29 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon
[2010.12.13 20:23:09 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DivX
[2011.10.28 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox
[2011.01.27 00:14:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\dvdcss
[2011.01.27 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.20 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GetRightToGo
[2011.08.01 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\go
[2009.12.02 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GrabPro
[2011.06.03 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\gtk-2.0
[2011.10.13 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\ICQ
[2009.11.22 14:48:26 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Identities
[2009.11.22 18:28:10 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\InstallShield
[2009.11.22 19:35:42 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Macromedia
[2011.03.26 22:48:31 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Media Center Programs
[2010.12.26 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Media Player Classic
[2011.10.16 09:51:05 | 000,000,000 | --SD | M] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft
[2011.07.31 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla
[2011.03.30 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\OCS
[2011.08.06 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape
[2010.08.07 13:41:24 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Opera
[2009.12.02 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Orbit
[2011.04.03 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\phonostar GmbH
[2010.12.05 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Research In Motion
[2011.10.23 18:41:44 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Skype
[2011.06.12 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\skypePM
[2011.04.13 18:20:03 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\SmartTools
[2009.11.26 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\TeamViewer
[2011.10.27 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\vlc
[2010.03.23 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Vso
[2011.10.16 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Winamp
[2009.11.22 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.12.04 14:49:17 | 000,087,608 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\inst.exe
[2009.11.06 08:04:40 | 010,377,728 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 13:35:18 | 007,945,216 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.08.29 14:41:36 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.03.01 17:22:49 | 015,849,560 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
[2011.06.08 17:18:48 | 000,413,696 | R--- | M] (Acresso Software Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Installer\{4C796567-1FDC-430F-91EC-FEA7AAA0C251}\BlackBerry.exe
[2011.08.29 14:41:47 | 000,106,496 | ---- | M] (OCS) -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.08.29 14:41:47 | 000,040,960 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\fsc.tmp\1014879\IDE\WinVista\sata_ide\nvstor32.sys
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_a262bd835674b286\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.08 16:57:21 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 14:21:35 | 000,492,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
 
<          >

< End of report >

--- --- ---

P.S. Some of the problems already seem to have been solved by the Malwarebytes scan, but my Windows Security Center, for example, still cannot be opened!

B4rkeeper 28.10.2011 17:57

Here is the OTL log:
OTL Logfile:
Code:

OTL logfile created on: 28.10.2011 16:40:22 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Tom\Setup
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 65,42 Gb Free Space | 43,92% Space Free | Partition Type: NTFS
 
Computer Name: B4RKEEPER-PC | User Name: B4rkeeper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Tom\Setup\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
PRC - C:\Windows\System32\lxctcoms.exe ( )
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Tom\Setup\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SearchAnonymizer) -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Tom\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 FA BA D2 15 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=googlemail&hl=de&from=logout"
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58505
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:21:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 12:17:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.15 19:47:45 | 000,000,000 | ---D | M]
 
[2009.11.22 18:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Extensions
[2011.10.16 09:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions
[2010.01.20 21:57:42 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.08.28 14:56:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.29 14:41:38 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\B4rkeeper\AppData\Roaming\mozilla\Firefox\Profiles\y62ol1ts.default\extensions\firejump@firejump.net
[2011.08.29 14:41:56 | 000,001,127 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\conduit.xml
[2011.03.30 17:46:43 | 000,001,097 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin-1.xml
[2011.03.30 17:46:43 | 000,001,114 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\icqplugin.xml
[2011.08.29 14:41:56 | 000,005,676 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\webde-suche.xml
[2011.03.30 17:46:43 | 000,002,182 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{04F8EDDA-B68A-4F77-BDB4-83C306882040}.xml
[2011.03.30 17:46:43 | 000,002,071 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{2DB5A5DD-AAA8-49E1-89C8-880F2CA88E9A}.xml
[2011.03.30 17:46:43 | 000,001,864 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\searchplugins\{3D4DA242-3393-4F75-A93A-4CFBC56F8A9D}.xml
[2011.10.20 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 10:21:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 17:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 23:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.20 20:27:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.20 18:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\B4RKEEPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y62OL1TS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.10.01 12:17:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\Mozilla Firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.08.29 14:41:56 | 000,001,678 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.08.29 14:41:56 | 000,001,929 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.08.29 14:41:56 | 000,001,265 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.08.29 14:41:56 | 000,007,045 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.08.29 14:41:56 | 000,001,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.08.29 14:41:56 | 000,001,164 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.11 22:58:52 | 000,001,029 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - Startup: C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab (Microsoft Common Dialog Control, version 5.0 (SP2))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^B4rkeeper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\B4RKEE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: dradio-RecorderTimer - hkey= - key= - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Lexmark 5400 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
MsConfig - StartUpReg: lxctmon.exe - hkey= - key= - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll ()
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.27 19:24:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.10.23 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.10.20 18:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.10.16 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.16 14:27:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.16 14:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.16 09:51:29 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2011.10.16 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2011.10.16 09:51:00 | 000,000,000 | RHSD | C] -- C:\Users\B4rkeeper\M-1-52-5782-8752-5245
[2011.10.15 19:47:43 | 000,000,000 | ---D | C] -- C:\Programme\vShare.tv plugin
[2011.10.15 10:41:56 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Avira
[2011.10.15 10:41:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.15 10:41:17 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.15 10:41:17 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.15 10:41:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.10.15 10:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.13 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.02 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2010.07.21 19:43:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2010.07.21 19:43:00 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2010.07.21 19:42:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2010.07.21 19:42:59 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2010.07.21 19:42:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2010.07.21 19:42:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2010.07.21 19:42:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2010.07.21 19:42:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2010.07.21 19:42:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2010.07.21 19:42:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2010.07.21 19:42:58 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2010.07.21 19:42:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2010.07.21 19:42:58 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2010.07.21 19:42:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2010.07.21 19:42:58 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2009.12.04 14:49:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.28 16:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc928cfc1be8d0.job
[2011.10.28 16:38:47 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 16:38:47 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 16:31:36 | 000,027,715 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2011.10.28 16:31:30 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.28 16:31:28 | 000,000,322 | -HS- | M] () -- C:\Windows\tasks\jgldxm.job
[2011.10.28 16:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.28 16:31:09 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.27 23:03:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000UA.job
[2011.10.23 15:19:02 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.23 15:19:02 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.23 15:19:02 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.23 15:19:02 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.23 15:14:28 | 200,735,650 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.23 15:03:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000Core.job
[2011.10.18 19:51:01 | 000,027,715 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.dat
[2011.10.16 09:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.10.15 10:31:38 | 000,412,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.02 11:01:24 | 000,017,408 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.24 22:39:10 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc928cfc1be8d0.job
[2011.10.23 15:08:26 | 200,735,650 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.16 09:52:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.08.13 12:07:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.23 01:37:07 | 000,000,000 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\{30EC4114-8E95-4F31-B24D-203CCFC48796}
[2011.05.26 20:54:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.26 20:51:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.27 14:10:55 | 000,029,151 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.13 23:20:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.21 19:43:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2010.07.21 19:43:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2010.07.21 19:43:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll
[2010.07.21 19:43:00 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2010.07.21 19:42:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2010.05.13 13:24:38 | 000,000,016 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\qvjsge.dat
[2010.03.01 21:31:16 | 000,017,408 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\WebpageIcons.db
[2010.02.28 15:25:26 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2009.12.04 14:50:48 | 000,001,173 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\vso_ts_preview.xml
[2009.12.04 14:49:17 | 000,087,608 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\inst.exe
[2009.12.04 14:49:17 | 000,007,887 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.cat
[2009.12.04 14:49:17 | 000,001,144 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\pcouffin.inf
[2009.12.02 23:22:10 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.02 23:22:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.29 15:11:54 | 000,007,605 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Local\Resmon.ResmonCfg
[2009.11.28 00:40:41 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.001
[2009.11.28 00:40:05 | 000,027,715 | ---- | C] () -- C:\Users\B4rkeeper\AppData\Roaming\nvModes.dat
[2009.11.26 21:20:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.22 18:23:48 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,412,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.08.08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
 
========== LOP Check ==========
 
[2011.10.19 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2010.08.09 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\5400 Series
[2011.10.22 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2010.05.06 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\addwebcontent
[2009.12.03 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Ashampoo
[2011.08.06 15:28:01 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Babylon
[2010.12.13 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware
[2011.08.01 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DAEMON Tools Lite
[2011.08.29 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon
[2011.10.28 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox
[2011.01.27 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.20 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GetRightToGo
[2011.08.01 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\go
[2009.12.02 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GrabPro
[2011.06.03 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\gtk-2.0
[2011.10.13 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\ICQ
[2011.03.30 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\OCS
[2011.08.06 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape
[2010.08.07 13:41:24 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Opera
[2009.12.02 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Orbit
[2011.04.03 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\phonostar GmbH
[2010.12.05 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Research In Motion
[2011.04.13 18:20:03 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\SmartTools
[2009.11.26 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\TeamViewer
[2010.03.23 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Vso
[2011.10.16 09:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.10.28 16:31:28 | 000,000,322 | -HS- | M] () -- C:\Windows\Tasks\jgldxm.job
[2011.10.23 15:11:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.19 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2010.08.09 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\5400 Series
[2011.10.22 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2010.05.06 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\addwebcontent
[2011.03.26 22:23:19 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Adobe
[2010.06.20 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Apple Computer
[2009.12.03 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Ashampoo
[2011.10.15 10:41:56 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Avira
[2011.08.06 15:28:01 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Babylon
[2010.12.13 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware
[2011.08.01 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DAEMON Tools Lite
[2011.08.29 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon
[2010.12.13 20:23:09 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DivX
[2011.10.28 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox
[2011.01.27 00:14:39 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\dvdcss
[2011.01.27 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.20 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GetRightToGo
[2011.08.01 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\go
[2009.12.02 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\GrabPro
[2011.06.03 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\gtk-2.0
[2011.10.13 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\ICQ
[2009.11.22 14:48:26 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Identities
[2009.11.22 18:28:10 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\InstallShield
[2009.11.22 19:35:42 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Macromedia
[2011.03.26 22:48:31 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Media Center Programs
[2010.12.26 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Media Player Classic
[2011.10.16 09:51:05 | 000,000,000 | --SD | M] -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft
[2011.07.31 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Mozilla
[2011.03.30 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\OCS
[2011.08.06 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape
[2010.08.07 13:41:24 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Opera
[2009.12.02 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Orbit
[2011.04.03 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\phonostar GmbH
[2010.12.05 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Research In Motion
[2011.10.23 18:41:44 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Skype
[2011.06.12 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\skypePM
[2011.04.13 18:20:03 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\SmartTools
[2009.11.26 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\TeamViewer
[2011.10.27 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\vlc
[2010.03.23 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Vso
[2011.10.16 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Winamp
[2009.11.22 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.12.04 14:49:17 | 000,087,608 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\inst.exe
[2009.11.06 08:04:40 | 010,377,728 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 13:35:18 | 007,945,216 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.08.29 14:41:36 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\B4rkeeper\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.03.01 17:22:49 | 015,849,560 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
[2011.06.08 17:18:48 | 000,413,696 | R--- | M] (Acresso Software Inc.) -- C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Installer\{4C796567-1FDC-430F-91EC-FEA7AAA0C251}\BlackBerry.exe
[2011.08.29 14:41:47 | 000,106,496 | ---- | M] (OCS) -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.08.29 14:41:47 | 000,040,960 | ---- | M] () -- C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\B4rkeeper\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\fsc.tmp\1014879\IDE\WinVista\sata_ide\nvstor32.sys
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.03 18:53:32 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=2BB068C7600C206372D8269BE74C67BB -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_a262bd835674b286\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.08 16:57:21 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 14:21:35 | 000,492,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
 
<          >

< End of report >

--- --- ---


P.S. Some of the problems seem to have been resolved by the Malwarebytes scan already, but my Windows Security Center, for example, still cannot be opened!

cosinus 28.10.2011 20:15

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 FA BA D2 15 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58505
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.10.16 09:51:29 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\93566
[2011.10.16 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\B4rkeeper\AppData\Roaming\3E293
[2011.10.16 09:51:00 | 000,000,000 | RHSD | C] -- C:\Users\B4rkeeper\M-1-52-5782-8752-5245
[2011.08.06 15:28:01 | 000,000,000 | ---D | M] -- C:\Users\B4rkeeper\AppData\Roaming\Babylon
:Files
C:\Windows\tasks\*.job
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

B4rkeeper 29.10.2011 00:00

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.gopher
Prefs.js: 0 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 58505 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
C:\Programme\vShare.tv plugin\BarLcher.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\B4rkeeper\AppData\Roaming\93566 folder moved successfully.
C:\Users\B4rkeeper\AppData\Roaming\3E293 folder moved successfully.
C:\Users\B4rkeeper\M-1-52-5782-8752-5245 folder moved successfully.
C:\Users\B4rkeeper\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc928cfc1be8d0.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010885922-4294614956-1642056636-1000UA.job moved successfully.
C:\Windows\tasks\jgldxm.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: B4rkeeper
->Temp folder emptied: 24831550 bytes
->Temporary Internet Files folder emptied: 33634914 bytes
->Java cache emptied: 796551 bytes
->FireFox cache emptied: 85559388 bytes
->Google Chrome cache emptied: 367955984 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 15875972 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 111997044 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7904 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 611,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 10292011_005631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 29.10.2011 15:57

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

B4rkeeper 30.10.2011 11:17

11:13:47.0001 3104 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
11:13:47.0308 3104 ============================================================
11:13:47.0308 3104 Current date / time: 2011/10/30 11:13:47.0308
11:13:47.0308 3104 SystemInfo:
11:13:47.0308 3104
11:13:47.0308 3104 OS Version: 6.1.7601 ServicePack: 1.0
11:13:47.0308 3104 Product type: Workstation
11:13:47.0309 3104 ComputerName: B4RKEEPER-PC
11:13:47.0312 3104 UserName: B4rkeeper
11:13:47.0312 3104 Windows directory: C:\Windows
11:13:47.0312 3104 System windows directory: C:\Windows
11:13:47.0312 3104 Processor architecture: Intel x86
11:13:47.0312 3104 Number of processors: 2
11:13:47.0312 3104 Page size: 0x1000
11:13:47.0312 3104 Boot type: Normal boot
11:13:47.0312 3104 ============================================================
11:13:48.0274 3104 Initialize success
11:14:58.0152 3744 ============================================================
11:14:58.0152 3744 Scan started
11:14:58.0152 3744 Mode: Manual; SigCheck; TDLFS;
11:14:58.0152 3744 ============================================================
11:14:59.0767 3744 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:15:00.0127 3744 1394ohci - ok
11:15:00.0305 3744 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:15:00.0351 3744 ACPI - ok
11:15:00.0456 3744 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:15:00.0625 3744 AcpiPmi - ok
11:15:00.0843 3744 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:15:00.0946 3744 adp94xx - ok
11:15:01.0035 3744 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:15:01.0131 3744 adpahci - ok
11:15:01.0224 3744 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:15:01.0313 3744 adpu320 - ok
11:15:01.0456 3744 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:15:01.0583 3744 AFD - ok
11:15:01.0682 3744 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:15:01.0754 3744 agp440 - ok
11:15:01.0822 3744 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:15:01.0894 3744 aic78xx - ok
11:15:01.0990 3744 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:15:02.0035 3744 aliide - ok
11:15:02.0124 3744 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:15:02.0177 3744 amdagp - ok
11:15:02.0258 3744 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:15:02.0324 3744 amdide - ok
11:15:02.0387 3744 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:15:02.0492 3744 AmdK8 - ok
11:15:02.0536 3744 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:15:02.0661 3744 AmdPPM - ok
11:15:02.0744 3744 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:15:02.0823 3744 amdsata - ok
11:15:02.0894 3744 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:15:02.0973 3744 amdsbs - ok
11:15:03.0015 3744 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:15:03.0095 3744 amdxata - ok
11:15:03.0264 3744 ApfiltrService (441b46afdea05fd8436f680eb41c4190) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:15:03.0366 3744 ApfiltrService - ok
11:15:03.0431 3744 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:15:03.0617 3744 AppID - ok
11:15:03.0781 3744 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:15:03.0856 3744 arc - ok
11:15:03.0915 3744 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:15:04.0005 3744 arcsas - ok
11:15:04.0118 3744 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:15:04.0334 3744 AsyncMac - ok
11:15:04.0432 3744 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:15:04.0502 3744 atapi - ok
11:15:04.0648 3744 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
11:15:04.0842 3744 avgntflt - ok
11:15:04.0948 3744 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
11:15:05.0032 3744 avipbb - ok
11:15:05.0116 3744 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
11:15:05.0181 3744 avkmgr - ok
11:15:05.0292 3744 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:15:05.0435 3744 b06bdrv - ok
11:15:05.0476 3744 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:15:05.0573 3744 b57nd60x - ok
11:15:05.0666 3744 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:15:05.0794 3744 Beep - ok
11:15:05.0864 3744 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:15:05.0988 3744 blbdrive - ok
11:15:06.0058 3744 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:15:06.0203 3744 bowser - ok
11:15:06.0241 3744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:15:06.0403 3744 BrFiltLo - ok
11:15:06.0454 3744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:15:06.0545 3744 BrFiltUp - ok
11:15:06.0608 3744 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:15:06.0759 3744 Brserid - ok
11:15:06.0801 3744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:15:06.0928 3744 BrSerWdm - ok
11:15:06.0964 3744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:15:07.0069 3744 BrUsbMdm - ok
11:15:07.0096 3744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:15:07.0218 3744 BrUsbSer - ok
11:15:07.0250 3744 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:15:07.0367 3744 BTHMODEM - ok
11:15:07.0540 3744 Cam5603D (eb5121a90c1e6859ed0ba2f60b8993bb) C:\Windows\system32\Drivers\BisonCam.sys
11:15:07.0689 3744 Cam5603D - ok
11:15:07.0764 3744 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:15:07.0885 3744 cdfs - ok
11:15:07.0965 3744 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
11:15:08.0090 3744 cdrom - ok
11:15:08.0155 3744 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:15:08.0264 3744 circlass - ok
11:15:08.0317 3744 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:15:08.0361 3744 CLFS - ok
11:15:08.0431 3744 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:15:08.0535 3744 CmBatt - ok
11:15:08.0591 3744 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:15:08.0663 3744 cmdide - ok
11:15:08.0729 3744 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
11:15:08.0888 3744 CNG - ok
11:15:08.0950 3744 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:15:08.0995 3744 Compbatt - ok
11:15:09.0064 3744 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:15:09.0178 3744 CompositeBus - ok
11:15:09.0233 3744 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:15:09.0277 3744 crcdisk - ok
11:15:09.0381 3744 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:15:09.0535 3744 CSC - ok
11:15:09.0630 3744 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:15:09.0705 3744 DfsC - ok
11:15:09.0752 3744 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:15:09.0801 3744 discache - ok
11:15:09.0836 3744 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:15:09.0874 3744 Disk - ok
11:15:09.0944 3744 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:15:09.0975 3744 drmkaud - ok
11:15:10.0054 3744 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:15:10.0129 3744 DXGKrnl - ok
11:15:10.0274 3744 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:15:10.0538 3744 ebdrv - ok
11:15:10.0591 3744 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:15:10.0648 3744 elxstor - ok
11:15:10.0693 3744 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:15:10.0719 3744 ErrDev - ok
11:15:10.0770 3744 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:15:10.0859 3744 exfat - ok
11:15:10.0896 3744 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:15:10.0989 3744 fastfat - ok
11:15:11.0028 3744 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:15:11.0086 3744 fdc - ok
11:15:11.0126 3744 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:15:11.0168 3744 FileInfo - ok
11:15:11.0196 3744 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:15:11.0288 3744 Filetrace - ok
11:15:11.0309 3744 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:15:11.0369 3744 flpydisk - ok
11:15:11.0405 3744 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:15:11.0466 3744 FltMgr - ok
11:15:11.0506 3744 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:15:11.0527 3744 FsDepends - ok
11:15:11.0550 3744 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:15:11.0587 3744 Fs_Rec - ok
11:15:11.0672 3744 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:15:11.0693 3744 fvevol - ok
11:15:11.0735 3744 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:15:11.0780 3744 gagp30kx - ok
11:15:11.0874 3744 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:15:11.0951 3744 hcw85cir - ok
11:15:12.0008 3744 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:15:12.0114 3744 HdAudAddService - ok
11:15:12.0201 3744 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:15:12.0233 3744 HDAudBus - ok
11:15:12.0282 3744 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:15:12.0344 3744 HidBatt - ok
11:15:12.0375 3744 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:15:12.0440 3744 HidBth - ok
11:15:12.0498 3744 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:15:12.0562 3744 HidIr - ok
11:15:12.0639 3744 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
11:15:12.0685 3744 HidUsb - ok
11:15:12.0750 3744 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:15:12.0826 3744 HpSAMD - ok
11:15:12.0923 3744 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:15:12.0986 3744 HTTP - ok
11:15:13.0058 3744 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:15:13.0071 3744 hwpolicy - ok
11:15:13.0132 3744 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:15:13.0196 3744 i8042prt - ok
11:15:13.0257 3744 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:15:13.0291 3744 iaStorV - ok
11:15:13.0344 3744 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:15:13.0385 3744 iirsp - ok
11:15:13.0534 3744 IntcAzAudAddService (0a0e3c041c20c4175e1cc6580138ca38) C:\Windows\system32\drivers\RTKVHDA.sys
11:15:13.0765 3744 IntcAzAudAddService - ok
11:15:13.0806 3744 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:15:13.0849 3744 intelide - ok
11:15:13.0900 3744 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:15:13.0943 3744 intelppm - ok
11:15:13.0977 3744 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:15:14.0060 3744 IpFilterDriver - ok
11:15:14.0127 3744 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:15:14.0151 3744 IPMIDRV - ok
11:15:14.0185 3744 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:15:14.0238 3744 IPNAT - ok
11:15:14.0281 3744 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:15:14.0333 3744 IRENUM - ok
11:15:14.0390 3744 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:15:14.0410 3744 isapnp - ok
11:15:14.0469 3744 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:15:14.0516 3744 iScsiPrt - ok
11:15:14.0572 3744 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
11:15:14.0616 3744 kbdclass - ok
11:15:14.0680 3744 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
11:15:14.0746 3744 kbdhid - ok
11:15:14.0803 3744 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
11:15:14.0856 3744 KSecDD - ok
11:15:14.0899 3744 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
11:15:14.0945 3744 KSecPkg - ok
11:15:15.0015 3744 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:15:15.0067 3744 lltdio - ok
11:15:15.0120 3744 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:15:15.0162 3744 LSI_FC - ok
11:15:15.0202 3744 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:15:15.0250 3744 LSI_SAS - ok
11:15:15.0265 3744 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:15:15.0300 3744 LSI_SAS2 - ok
11:15:15.0334 3744 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:15:15.0375 3744 LSI_SCSI - ok
11:15:15.0434 3744 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:15:15.0552 3744 luafv - ok
11:15:15.0617 3744 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
11:15:15.0636 3744 MBAMProtector - ok
11:15:15.0679 3744 MBAMSwissArmy - ok
11:15:15.0723 3744 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:15:15.0762 3744 megasas - ok
11:15:15.0816 3744 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:15:15.0865 3744 MegaSR - ok
11:15:15.0907 3744 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:15:15.0962 3744 Modem - ok
11:15:15.0998 3744 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:15:16.0031 3744 monitor - ok
11:15:16.0084 3744 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
11:15:16.0127 3744 mouclass - ok
11:15:16.0171 3744 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:15:16.0203 3744 mouhid - ok
11:15:16.0261 3744 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:15:16.0276 3744 mountmgr - ok
11:15:16.0327 3744 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:15:16.0372 3744 mpio - ok
11:15:16.0405 3744 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:15:16.0496 3744 mpsdrv - ok
11:15:16.0553 3744 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:15:16.0667 3744 MRxDAV - ok
11:15:16.0747 3744 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:15:16.0793 3744 mrxsmb - ok
11:15:16.0856 3744 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:15:16.0918 3744 mrxsmb10 - ok
11:15:16.0958 3744 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:15:17.0023 3744 mrxsmb20 - ok
11:15:17.0067 3744 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:15:17.0109 3744 msahci - ok
11:15:17.0157 3744 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:15:17.0205 3744 msdsm - ok
11:15:17.0269 3744 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:15:17.0328 3744 Msfs - ok
11:15:17.0373 3744 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:15:17.0426 3744 mshidkmdf - ok
11:15:17.0482 3744 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:15:17.0501 3744 msisadrv - ok
11:15:17.0568 3744 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:15:17.0650 3744 MSKSSRV - ok
11:15:17.0665 3744 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:15:17.0739 3744 MSPCLOCK - ok
11:15:17.0764 3744 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:15:17.0842 3744 MSPQM - ok
11:15:17.0869 3744 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:15:17.0893 3744 MsRPC - ok
11:15:17.0942 3744 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:15:17.0955 3744 mssmbios - ok
11:15:17.0982 3744 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:15:18.0037 3744 MSTEE - ok
11:15:18.0070 3744 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:15:18.0132 3744 MTConfig - ok
11:15:18.0157 3744 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:15:18.0196 3744 Mup - ok
11:15:18.0244 3744 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:15:18.0306 3744 NativeWifiP - ok
11:15:18.0374 3744 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:15:18.0407 3744 NDIS - ok
11:15:18.0450 3744 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:15:18.0533 3744 NdisCap - ok
11:15:18.0560 3744 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:15:18.0639 3744 NdisTapi - ok
11:15:18.0700 3744 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:15:18.0754 3744 Ndisuio - ok
11:15:18.0804 3744 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:15:18.0884 3744 NdisWan - ok
11:15:18.0939 3744 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:15:19.0016 3744 NDProxy - ok
11:15:19.0070 3744 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:15:19.0188 3744 NetBIOS - ok
11:15:19.0245 3744 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:15:19.0297 3744 NetBT - ok
11:15:19.0363 3744 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:15:19.0411 3744 nfrd960 - ok
11:15:19.0454 3744 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:15:19.0539 3744 Npfs - ok
11:15:19.0571 3744 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:15:19.0614 3744 nsiproxy - ok
11:15:19.0702 3744 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:15:19.0801 3744 Ntfs - ok
11:15:19.0826 3744 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:15:19.0902 3744 Null - ok
11:15:19.0960 3744 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
11:15:20.0027 3744 NVENETFD - ok
11:15:20.0286 3744 nvlddmkm (fe6bebb8fc2a1e50426624025d7c30d6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:15:20.0827 3744 nvlddmkm - ok
11:15:20.0966 3744 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:15:20.0989 3744 nvraid - ok
11:15:21.0055 3744 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
11:15:21.0098 3744 nvsmu - ok
11:15:21.0151 3744 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:15:21.0197 3744 nvstor - ok
11:15:21.0241 3744 nvstor32 (2bb068c7600c206372d8269be74c67bb) C:\Windows\system32\DRIVERS\nvstor32.sys
11:15:21.0251 3744 nvstor32 - ok
11:15:21.0297 3744 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:15:21.0339 3744 nv_agp - ok
11:15:21.0402 3744 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:15:21.0444 3744 ohci1394 - ok
11:15:21.0491 3744 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:15:21.0555 3744 Parport - ok
11:15:21.0615 3744 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:15:21.0638 3744 partmgr - ok
11:15:21.0669 3744 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:15:21.0725 3744 Parvdm - ok
11:15:21.0780 3744 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:15:21.0833 3744 pci - ok
11:15:21.0870 3744 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:15:21.0915 3744 pciide - ok
11:15:21.0954 3744 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:15:21.0982 3744 pcmcia - ok
11:15:22.0073 3744 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
11:15:22.0149 3744 pcouffin - ok
11:15:22.0195 3744 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:15:22.0233 3744 pcw - ok
11:15:22.0290 3744 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:15:22.0408 3744 PEAUTH - ok
11:15:22.0491 3744 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:15:22.0549 3744 PptpMiniport - ok
11:15:22.0576 3744 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:15:22.0645 3744 Processor - ok
11:15:22.0698 3744 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:15:22.0764 3744 Psched - ok
11:15:22.0829 3744 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:15:22.0949 3744 ql2300 - ok
11:15:22.0979 3744 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:15:23.0020 3744 ql40xx - ok
11:15:23.0063 3744 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:15:23.0109 3744 QWAVEdrv - ok
11:15:23.0139 3744 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:15:23.0227 3744 RasAcd - ok
11:15:23.0276 3744 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:15:23.0357 3744 RasAgileVpn - ok
11:15:23.0395 3744 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:15:23.0482 3744 Rasl2tp - ok
11:15:23.0536 3744 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:15:23.0623 3744 RasPppoe - ok
11:15:23.0654 3744 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:15:23.0738 3744 RasSstp - ok
11:15:23.0787 3744 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:15:23.0889 3744 rdbss - ok
11:15:23.0904 3744 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:15:23.0955 3744 rdpbus - ok
11:15:23.0998 3744 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:15:24.0062 3744 RDPCDD - ok
11:15:24.0115 3744 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:15:24.0152 3744 RDPDR - ok
11:15:24.0191 3744 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:15:24.0238 3744 RDPENCDD - ok
11:15:24.0263 3744 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:15:24.0311 3744 RDPREFMP - ok
11:15:24.0391 3744 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:15:24.0469 3744 RdpVideoMiniport - ok
11:15:24.0519 3744 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
11:15:24.0569 3744 RDPWD - ok
11:15:24.0648 3744 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:15:24.0740 3744 rdyboost - ok
11:15:24.0878 3744 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
11:15:24.0972 3744 RimUsb - ok
11:15:25.0058 3744 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
11:15:25.0163 3744 RimVSerPort - ok
11:15:25.0221 3744 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
11:15:28.0762 3744 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
11:15:28.0763 3744 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
11:15:28.0769 3744 sptd ( LockedFile.Multi.Generic ) - warning
11:15:28.0770 3744 sptd - detected LockedFile.Multi.Generic (1)
11:15:40.0324 3744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:15:40.0704 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:15:40.0704 3744 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:15:40.0709 3744 Boot (0x1200) (94ececeb7416306e4008fbb6bcfda31d) \Device\Harddisk0\DR0\Partition0
11:15:40.0710 3744 \Device\Harddisk0\DR0\Partition0 - ok
11:15:40.0747 3744 Boot (0x1200) (a97b6b34d574a115d613f6a6afd04130) \Device\Harddisk0\DR0\Partition1
11:15:40.0748 3744 \Device\Harddisk0\DR0\Partition1 - ok
11:15:40.0748 3744 ============================================================
11:15:40.0748 3744 Scan finished
11:15:40.0748 3744 ============================================================
11:15:40.0768 2448 Detected object count: 2
11:15:40.0768 2448 Actual detected object count: 2
11:15:59.0221 2448 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:15:59.0222 2448 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:15:59.0230 2448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:15:59.0231 2448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus 30.10.2011 18:09

Quote:

11:15:59.0230 2448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:15:59.0231 2448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have TDSS removed with the TDSS-Killer. Restart Windows afterwards and create a new log with the TDSS-Killer.

B4rkeeper 30.10.2011 19:28

19:25:41.0505 3532 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
19:25:41.0770 3532 ============================================================
19:25:41.0770 3532 Current date / time: 2011/10/30 19:25:41.0770
19:25:41.0770 3532 SystemInfo:
19:25:41.0770 3532
19:25:41.0770 3532 OS Version: 6.1.7601 ServicePack: 1.0
19:25:41.0770 3532 Product type: Workstation
19:25:41.0770 3532 ComputerName: B4RKEEPER-PC
19:25:41.0770 3532 UserName: B4rkeeper
19:25:41.0770 3532 Windows directory: C:\Windows
19:25:41.0770 3532 System windows directory: C:\Windows
19:25:41.0770 3532 Processor architecture: Intel x86
19:25:41.0770 3532 Number of processors: 2
19:25:41.0770 3532 Page size: 0x1000
19:25:41.0770 3532 Boot type: Normal boot
19:25:41.0770 3532 ============================================================
19:25:43.0003 3532 Initialize success
19:25:51.0146 2440 ============================================================
19:25:51.0146 2440 Scan started
19:25:51.0146 2440 Mode: Manual; SigCheck; TDLFS;
19:25:51.0146 2440 ============================================================
19:26:23.0801 2440 RasPppoe - ok
19:26:23.0832 2440 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:26:23.0941 2440 RasSstp - ok
19:26:24.0035 2440 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:26:24.0144 2440 rdbss - ok
19:26:24.0175 2440 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:26:24.0222 2440 rdpbus - ok
19:26:24.0285 2440 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:24.0409 2440 RDPCDD - ok
19:26:24.0472 2440 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:26:24.0565 2440 RDPDR - ok
19:26:24.0597 2440 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:26:24.0737 2440 RDPENCDD - ok
19:26:24.0784 2440 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:26:24.0877 2440 RDPREFMP - ok
19:26:24.0955 2440 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
19:26:25.0049 2440 RdpVideoMiniport - ok
19:26:25.0143 2440 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:26:25.0236 2440 RDPWD - ok
19:26:25.0314 2440 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:26:25.0377 2440 rdyboost - ok
19:26:25.0501 2440 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
19:26:25.0564 2440 RimUsb - ok
19:26:25.0704 2440 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
19:26:25.0767 2440 RimVSerPort - ok
19:26:25.0829 2440 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
19:26:25.0938 2440 ROOTMODEM - ok
19:26:26.0016 2440 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:26:26.0125 2440 rspndr - ok
19:26:26.0188 2440 RTSTOR (6e7f2054faedbe766034aa8a185213ec) C:\Windows\system32\drivers\RTSTOR.SYS
19:26:26.0235 2440 RTSTOR - ok
19:26:26.0297 2440 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:26:26.0375 2440 s3cap - ok
19:26:26.0453 2440 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:26:26.0515 2440 sbp2port - ok
19:26:26.0578 2440 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:26:26.0718 2440 scfilter - ok
19:26:26.0827 2440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:26:26.0937 2440 secdrv - ok
19:26:27.0015 2440 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:26:27.0061 2440 Serenum - ok
19:26:27.0093 2440 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:26:27.0171 2440 Serial - ok
19:26:27.0217 2440 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:26:27.0280 2440 sermouse - ok
19:26:27.0358 2440 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:26:27.0420 2440 sffdisk - ok
19:26:27.0467 2440 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:26:27.0529 2440 sffp_mmc - ok
19:26:27.0545 2440 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:26:27.0623 2440 sffp_sd - ok
19:26:27.0701 2440 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:26:27.0763 2440 sfloppy - ok
19:26:27.0857 2440 SIS163u (370ed82428657a2344aba98a76c06250) C:\Windows\system32\DRIVERS\sis163u.sys
19:26:27.0951 2440 SIS163u - ok
19:26:27.0997 2440 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:26:28.0060 2440 sisagp - ok
19:26:28.0153 2440 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:26:28.0200 2440 SiSRaid2 - ok
19:26:28.0247 2440 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:26:28.0309 2440 SiSRaid4 - ok
19:26:28.0372 2440 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:26:28.0481 2440 Smb - ok
19:26:28.0590 2440 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:26:28.0668 2440 spldr - ok
19:26:28.0809 2440 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:26:28.0933 2440 srv - ok
19:26:29.0011 2440 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:26:29.0121 2440 srv2 - ok
19:26:29.0183 2440 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:26:29.0261 2440 SrvHsfHDA - ok
19:26:29.0339 2440 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:26:29.0495 2440 SrvHsfV92 - ok
19:26:29.0557 2440 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:26:29.0698 2440 SrvHsfWinac - ok
19:26:29.0760 2440 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:26:29.0823 2440 srvnet - ok
19:26:29.0916 2440 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:26:29.0963 2440 ssmdrv - ok
19:26:30.0025 2440 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:26:30.0072 2440 stexstor - ok
19:26:30.0150 2440 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:26:30.0213 2440 storflt - ok
19:26:30.0244 2440 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:26:30.0291 2440 storvsc - ok
19:26:30.0353 2440 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:26:30.0384 2440 swenum - ok
19:26:30.0447 2440 Synth3dVsc - ok
19:26:30.0696 2440 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
19:26:30.0868 2440 Tcpip - ok
19:26:30.0946 2440 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
19:26:31.0039 2440 TCPIP6 - ok
19:26:31.0117 2440 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:26:31.0227 2440 tcpipreg - ok
19:26:31.0305 2440 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:26:31.0398 2440 TDPIPE - ok
19:26:31.0429 2440 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:26:31.0539 2440 TDTCP - ok
19:26:31.0632 2440 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:26:31.0741 2440 tdx - ok
19:26:31.0835 2440 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:26:31.0882 2440 TermDD - ok
19:26:32.0007 2440 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:32.0100 2440 tssecsrv - ok
19:26:32.0194 2440 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:26:32.0287 2440 TsUsbFlt - ok
19:26:32.0303 2440 tsusbhub - ok
19:26:32.0397 2440 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:26:32.0506 2440 tunnel - ok
19:26:32.0553 2440 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:26:32.0599 2440 uagp35 - ok
19:26:32.0693 2440 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:26:32.0818 2440 udfs - ok
19:26:32.0927 2440 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:26:32.0974 2440 uliagpkx - ok
19:26:33.0067 2440 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:26:33.0114 2440 umbus - ok
19:26:33.0161 2440 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:26:33.0223 2440 UmPass - ok
19:26:33.0286 2440 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:33.0379 2440 usbccgp - ok
19:26:33.0426 2440 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:26:33.0504 2440 usbcir - ok
19:26:33.0551 2440 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:26:33.0629 2440 usbehci - ok
19:26:33.0707 2440 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:26:33.0785 2440 usbhub - ok
19:26:33.0832 2440 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:26:33.0879 2440 usbohci - ok
19:26:33.0925 2440 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:26:33.0972 2440 usbprint - ok
19:26:34.0019 2440 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:26:34.0066 2440 usbscan - ok
19:26:34.0113 2440 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:34.0175 2440 USBSTOR - ok
19:26:34.0222 2440 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:26:34.0269 2440 usbuhci - ok
19:26:34.0300 2440 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:26:34.0331 2440 vdrvroot - ok
19:26:34.0378 2440 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:34.0409 2440 vga - ok
19:26:34.0440 2440 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:26:34.0471 2440 VgaSave - ok
19:26:34.0518 2440 VGPU - ok
19:26:34.0581 2440 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:26:34.0596 2440 vhdmp - ok
19:26:34.0721 2440 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:26:34.0737 2440 viaagp - ok
19:26:34.0768 2440 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:26:34.0815 2440 ViaC7 - ok
19:26:34.0846 2440 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:26:34.0861 2440 viaide - ok
19:26:34.0924 2440 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:26:34.0955 2440 vmbus - ok
19:26:35.0002 2440 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:26:35.0033 2440 VMBusHID - ok
19:26:35.0064 2440 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:26:35.0080 2440 volmgr - ok
19:26:35.0111 2440 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:26:35.0142 2440 volmgrx - ok
19:26:35.0205 2440 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:26:35.0236 2440 volsnap - ok
19:26:35.0283 2440 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:26:35.0298 2440 vsmraid - ok
19:26:35.0329 2440 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:26:35.0361 2440 vwifibus - ok
19:26:35.0392 2440 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:26:35.0423 2440 WacomPen - ok
19:26:35.0485 2440 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:35.0532 2440 WANARP - ok
19:26:35.0548 2440 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:35.0579 2440 Wanarpv6 - ok
19:26:35.0657 2440 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:26:35.0688 2440 Wd - ok
19:26:35.0735 2440 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:26:35.0766 2440 Wdf01000 - ok
19:26:35.0844 2440 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:26:35.0891 2440 WfpLwf - ok
19:26:35.0907 2440 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:26:35.0922 2440 WIMMount - ok
19:26:36.0016 2440 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:26:36.0047 2440 WmiAcpi - ok
19:26:36.0109 2440 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:26:36.0156 2440 ws2ifsl - ok
19:26:36.0234 2440 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:26:36.0297 2440 WudfPf - ok
19:26:36.0359 2440 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:36.0406 2440 WUDFRd - ok
19:26:36.0468 2440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:26:36.0905 2440 \Device\Harddisk0\DR0 - ok
19:26:36.0921 2440 Boot (0x1200) (94ececeb7416306e4008fbb6bcfda31d) \Device\Harddisk0\DR0\Partition0
19:26:36.0921 2440 \Device\Harddisk0\DR0\Partition0 - ok
19:26:36.0952 2440 Boot (0x1200) (a97b6b34d574a115d613f6a6afd04130) \Device\Harddisk0\DR0\Partition1
19:26:36.0952 2440 \Device\Harddisk0\DR0\Partition1 - ok
19:26:36.0952 2440 ============================================================
19:26:36.0952 2440 Scan finished
19:26:36.0952 2440 ============================================================
19:26:36.0983 3864 Detected object count: 0
19:26:36.0983 3864 Actual detected object count: 0





Is everything OK again now?

Thanks!

cosinus 30.10.2011 19:39

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

B4rkeeper 30.10.2011 22:29

Combofix Logfile:
Code:

ComboFix 11-10-30.03 - B4rkeeper 30.10.2011  20:20:49.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.2047.1439 [GMT 1:00]
ausgeführt von:: c:\users\B4rkeeper\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\users\B4rkeeper\AppData\Roaming\inst.exe
c:\users\B4rkeeper\AppData\Roaming\vso_ts_preview.xml
c:\windows\system\BisonCam.dll
c:\windows\WindowsUpdate.log
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-09-28 bis 2011-10-30  ))))))))))))))))))))))))))))))
.
.
2011-10-30 19:32 . 2011-10-30 19:34        --------        d-----w-        c:\users\B4rkeeper\AppData\Local\temp
2011-10-30 19:32 . 2011-10-30 19:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-10-30 19:15 . 2011-10-30 19:15        --------        dc----w-        c:\users\B4rkeeper\AppData\Local\MigWiz
2011-10-28 22:56 . 2011-10-28 22:56        --------        d-----w-        C:\_OTL
2011-10-27 17:24 . 2011-10-27 17:24        --------        d-----w-        c:\program files\ESET
2011-10-20 16:03 . 2011-10-20 16:03        --------        d-----w-        c:\program files\Common Files\Java
2011-10-16 12:27 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-10-16 12:27 . 2011-10-16 12:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-10-15 17:47 . 2011-10-28 22:56        --------        d-----w-        c:\program files\vShare.tv plugin
2011-10-13 20:32 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-13 20:32 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-13 20:32 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-13 20:32 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-13 20:32 . 2011-09-06 02:28        2334720        ----a-w-        c:\windows\system32\win32k.sys
2011-10-03 09:14 . 2011-10-03 09:14        83456        ----a-w-        c:\program files\Mozilla Firefox\plugins\npvsharetvplg.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-05-23 08:21        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-10-02 09:18 . 2011-05-13 13:37        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 10:17 . 2011-06-19 13:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\B4rkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\B4rkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\B4rkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Ocs_SM"="c:\users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-08-29 106496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted        2eab
.
[HKLM\~\startupfolder\C:^Users^B4rkeeper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2010-11-23 17:26        39936        ----a-w-        c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-11-22 08:11        82864        ----a-w-        c:\program files\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-11-16 19:37        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-11-22 08:12        304048        ----a-w-        c:\program files\Lexmark 5400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-11-22 08:11        291760        ----a-w-        c:\program files\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-08-29 40960]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-04 47360]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\B4rkeeper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\B4rkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\y62ol1ts.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=googlemail&hl=de&from=logout
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-47102691.sys
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2960)
c:\users\B4rkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-30  20:40:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-30 19:40
.
Vor Suchlauf: 12 Verzeichnis(se), 70.389.796.864 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 70.293.102.592 Bytes frei
.
- - End Of File - - B8D9F0493D7F66BD3E954A850470084A

--- --- ---

cosinus 30.10.2011 23:48

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


B4rkeeper 31.10.2011 15:00

Attached are the 3 logs:

GMER Logfile:
Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-31 11:31:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000068 WDC_WD16 rev.04.0
Running: 70x1dpt7.exe; Driver: C:\Users\B4RKEE~1\AppData\Local\Temp\uwlyiuow.sys


---- System - GMER 1.0.15 ----

SSDT            8E708C2E                                                                                                ZwCreateSection
SSDT            8E708C38                                                                                                ZwRequestWaitReplyPort
SSDT            8E708C33                                                                                                ZwSetContextThread
SSDT            8E708C3D                                                                                                ZwSetSecurityObject
SSDT            8E708C42                                                                                                ZwSystemDebugControl
SSDT            8E708BCF                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                            82C83349 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82CBCD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82CC3EAC 4 Bytes  [2E, 8C, 70, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                      82CC4208 4 Bytes  [38, 8C, 70, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82CC424C 4 Bytes  [33, 8C, 70, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      82CC42C8 4 Bytes  [3D, 8C, 70, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      82CC431C 4 Bytes  [42, 8C, 70, 8E]
.text          ...                                                                                                     
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                section is writeable [0x9383A380, 0x3559E2, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\rundll32.exe[1444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1444] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1444] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2320] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2336] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2336] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2336] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74E7FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:3248]                                                                                          A7C2BF2E

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@EnableFileTracing              0
Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@EnableConsoleTracing          0
Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@FileTracingMask                -65536
Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@ConsoleTracingMask            -65536
Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@MaxFileSize                    1048576
Reg            HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\lvvm_RASAPI32@FileDirectory                  %windir%\tracing

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 11:38:09 on 31.10.2011

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Google Inc. Google Chrome 15.0.874.106

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\B4RKEE~1\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"uwlyiuow" (uwlyiuow) - ? - C:\Users\B4RKEE~1\AppData\Local\Temp\uwlyiuow.sys  (Hidden registry entry, rootkit activity | File not found)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -  (File not found | COM-object registry key not found)
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{F9043C85-F6F2-101A-A3C9-08002B2F49FB} "Microsoft Common Dialog Control, version 5.0 (SP2)" - "Microsoft Corporation" - C:\Windows\system32\comdlg32.OCX / ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.6" - "ICQ, LLC." - C:\Program Files\ICQ7.6\ICQ.exe
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\B4rkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\B4rkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BisonAPP" - "Bison Inc." - C:\Windows\BisonCam\BisonAPP.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Ocs_SM" - "OCS" - C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Fax Lexmark 5400 Series Port" - ? - C:\Windows\system32\lxctpmon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\B4rkeeper\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Tom\DOWNLO~1\IMG056~1.SCR  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index




aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-31 11:40:23
-----------------------------
11:40:23.531 OS Version: Windows 6.1.7601 Service Pack 1
11:40:23.531 Number of processors: 2 586 0x6801
11:40:23.531 ComputerName: B4RKEEPER-PC UserName: B4rkeeper
11:40:24.467 Initialize success
11:41:54.922 AVAST engine defs: 11103100
11:42:41.597 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
11:42:41.613 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 6
11:42:43.797 Disk 0 MBR read successfully
11:42:43.812 Disk 0 MBR scan
11:42:43.828 Disk 0 Windows XP default MBR code
11:42:44.233 Disk 0 scanning sectors +312578048
11:42:45.154 Disk 0 scanning C:\Windows\system32\drivers
11:44:05.649 Service scanning
11:44:07.573 Modules scanning
11:47:01.467 Disk 0 trace - called modules:
11:47:01.482 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys VSTCNXT3.SYS
11:47:01.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b65030]
11:47:01.483 3 CLASSPNP.SYS[8925659e] -> nt!IofCallDriver -> [0x84cab378]
11:47:01.485 5 ACPI.sys[88a2d3d4] -> nt!IofCallDriver -> \Device\00000068[0x85586030]
11:47:02.143 AVAST engine scan C:\Windows
11:48:17.396 AVAST engine scan C:\Windows\system32
11:59:54.722 AVAST engine scan C:\Windows\system32\drivers
12:02:31.692 AVAST engine scan C:\Users\B4rkeeper
13:00:51.152 AVAST engine scan C:\ProgramData
13:17:08.414 Scan finished successfully
14:56:47.270 Disk 0 MBR has been saved successfully to "C:\Users\B4rkeeper\Desktop\MBR.dat"
14:56:47.286 The log file has been saved successfully to "C:\Users\B4rkeeper\Desktop\aswMBR.txt"

cosinus 31.10.2011 15:34

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


B4rkeeper 02.11.2011 22:46

Finally, here are the 3 logs:


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8050

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.11.2011 19:44:34
mbam-log-2011-11-01 (19-44-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 336246
Laufzeit: 2 Stunde(n), 21 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/02/2011 at 06:23 PM

Application Version : 5.0.1134

Core Rules Database Version : 7885
Trace Rules Database Version: 5697

Scan type : Complete Scan
Total Scan Time : 02:22:59

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 609
Memory threats detected : 0
Registry items scanned : 38264
Registry threats detected : 0
File items scanned : 160652
File threats detected : 535

Adware.Tracking Cookie
.advertise.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vodafonegroup.122.2o7.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.sevenload.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.ilivid.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myroitracking.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rambler.ru [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.aim4media.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fr.sitestat.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fr.sitestat.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.porntube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Free Porn Movies | PornTube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
FPCTraffic - turning traffic into cash [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoadler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoadler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
FPCTraffic - turning traffic into cash [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficholder.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
go.trafficshop.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
go.trafficshop.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.de.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
1.sharkadnetwork.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
1.sharkadnetwork.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver2.clipkit.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.girlsteachsex.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.toplist.eu [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Hard Sex Tube - for every fan of hot porn videos and free porn [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dev.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Hard Sex Tube - for every fan of hot porn videos and free porn [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Hard Sex Tube - for every fan of hot porn videos and free porn [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hardsextube.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tto2.traffictrack.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.deutschepostag.112.2o7.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
logging.ourstats.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
UseNeXT | In vollem DSL-Speed aus dem Usenet downloaden! [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.adxvalue.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.adnet.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
trekmedia.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.aim4media.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
count.asnetworks.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.markussexblog.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.markussexblog.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rambler.ru [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h2porn.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.emediate.dk [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.emediate.dk [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.emediate.dk [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.adfarm1.adition.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adviva.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adfarm1.adition.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mmotraffic.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mmotraffic.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.gameforge.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.quartermedia.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
newsclick.de - Braunschweiger Zeitung, Salzgitter-Zeitung, Wolfsburger Nachrichten, Peiner Nachrichten, Gifhorner Rundschau [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.newsclick.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.newsclick.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.newsclick.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xm.xtendmedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www9.addfreestats.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Comunio Statistiken [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver2.exgfnetwork.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.effiliation.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.effiliation.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.effiliation.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.effiliation.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.effiliation.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adx.chip.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.mindshare.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adx.chip.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rts.pgmediaserve.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rts.pgmediaserve.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rts.pgmediaserve.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.de.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.de.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.de.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.de.partypoker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
FPCTraffic - turning traffic into cash [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Porno tube - Adult Streaming Sex Tube Videos at PornoXO - page 1 [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Porno tube - Adult Streaming Sex Tube Videos at PornoXO - page 1 [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.alphaporno.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornoxo.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.toplist.cz [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpansion.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad1.dyntracker.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.comstats.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.comstats.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.comstats.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Modelabel Shopsuche Labelverzeichnis und Shopverzeichnis - TheLabelFinder.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
TLDAdserv.com - Ihr Partner für seriöse Auszahlungen [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww251.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.zanox-affiliate.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xing.solution.weborama.fr [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox-affiliate.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\B4RKEEPER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]



C:\Tom\Setup\Everest Pokernet.exe a variant of Win32/Casino application
C:\Tom\Setup\registrybooster.exe Win32/RegistryBooster application
C:\Tom\Setup\SoftonicDownloader_fuer_oben-up-meet-dug-screensaver.exe a variant of Win32/SoftonicDownloader.A application
C:\Tom\Setup\uusee_2008.exe probably a variant of Win32/Agent.HKUJHEL trojan
C:\Tom\Setup\icq_7.0_build_1211_banner_remover\ICQ 7.0 Build #1211 Banner Remover 1.0 Setup.exe Win32/Adware.ADON application
C:\Tom\Setup\icq_lite_7.0_build_1509_banner_remover\ICQ Lite 7.0 Build #1509 Banner Remover 1.0 Setup.exe Win32/Adware.ADON application

cosinus 02.11.2011 22:58

Quote:

C:\Tom\Setup\registrybooster.exe Win32/RegistryBooster application
Keep your hands off tools like this!!

The registry is the brain of the system. If the brain doesn't work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether there are a few orphaned registry entries on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.
Quote:

C:\Tom\Setup\SoftonicDownloader_fuer_oben-up-meet-dug-screensaver.exe a variant of Win32/SoftonicDownloader.A application
Please don't take this the wrong way, but somehow I get the impression that it has become a national sport to download all kinds of stuff from Softonic. There's always some junk in it, like toolbars or the pointless Softonic Downloader. Why don't you download the software from the manufacturer's site or, if need be, from chip.de?

B4rkeeper 03.11.2011 12:18

Hello,

thanks for the useful tips!

I have now deleted the two exe files mentioned.

Normally I get all my freeware from chip.de, but it may well have happened in the past that I was active on other platforms.


Two more questions to finish, perhaps:

Recently the blue screen (crash dump) has been appearing fairly often while I'm surfing. Since it last happened yesterday, it presumably has nothing to do with the known pests!?

And to come back to the Windows Security Center (the white flag in the taskbar): it no longer exists on my system! Do I even strictly need it? And if so: how can I reactivate it?

Many thanks in advance!

Regards, Tom

cosinus 03.11.2011 13:11

Apart from the two further questions: is the computer back in order for now?
If so, I would recommend an update first; then these may no longer be necessary.


The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1. The time now is 17:59.
