Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner der alles verschwinden lässt (https://www.trojaner-board.de/105613-trojaner-alles-verschwinden-laesst.html)

mig2900 30.11.2011 17:58
Trojaner der alles verschwinden lässt
 
Hallo zusammen.

Ich brauche dringend eure Hilfe. Gestern hat sich ein Trojaner (glaube ich zumindest) auf meinem Rechner eingemistet. Erst sind tausende von Fehlermeldungen gekommen mit dem Text : "Ram Memory reliability is extremly low. This Problem may cause..."

Mehrmals wurde der Rechner herutnergefahren bis ich endlich Malwarebytes ausführen konnte. Hintergrundbild ist verschwunden, alles auf meinem Desktop ist weg, kann auch nicht mehr über den Arbeitsplatz auf meine Daten die auf dem Desktop sein sollten zugreiffen, Icons aus dem Startmenu alles WEG. Ich kann nur noch über die Suche verschiedene Programme öffnen.

Logdatei:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8276

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.11.2011 06:06:20
mbam-log-2011-11-30 (06-06-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 48874
Laufzeit: 23 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Users\Aljoscha\rq13lpati5.exe (Spyware.Zbot) -> 3708 -> Unloaded process successfully.
c:\programdata\yknnwfxicrnj.exe (Trojan.FakeAlert) -> 3744 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rq13lpati5 (Spyware.Zbot) -> Value: rq13lpati5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YKNNWfXiCRNj.exe (Trojan.FakeAlert) -> Value: YKNNWfXiCRNj.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KB00095981.exe (Trojan.Downloader) -> Value: KB00095981.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Aljoscha\rq13lpati5.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\programdata\yknnwfxicrnj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Aljoscha\AppData\Roaming\kb00095981.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Mehr angaben habe ich leider nicht für euch im moment. (Windows 7 Premium, 64 bit)


Danke euch schon im vorraus!

cosinus 30.11.2011 22:09
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


mig2900 01.12.2011 22:15
Ok vielen Dank ersteinmal für die sofortige Hilfe. Ich habe inzwischen die Symbole wieder und alle Dateien mit unhide sichtbar gemacht aber der PC verhält sich trotzdem sehr komisch teilweise.

Hier die Log-Datei :-)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c48c78bbd5d76f409942bb6bd0357dd3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-01 07:55:16
# local_time=2011-12-01 08:55:16 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 448560 59291681 503451 0
# compatibility_mode=5893 16776573 100 94 4275 75160496 0 0
# compatibility_mode=8192 67108863 100 0 3931 3931 0 0
# scanned=236313
# found=16
# cleaned=0
# scan_time=14491
C:\$RECYCLE.BIN\S-1-5-21-3546249737-3821523701-249999015-1000\$R37CTPO.Internet\Tecktonik_Track a variant of Win32/Hoax.ArchSMS.MC application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWMJWI4I\calc[1].exe a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSSG9DV8\contacts[1].exe a variant of Win32/Kryptik.WIZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\52E4.tmp a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\8192.tmp a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\googleupdate.exe a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\pKKIZVI0oTb7qc.exe.tmp a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\POS399F.tmp a variant of Win32/Kryptik.WIV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\POS3CDB.tmp a variant of Win32/Kryptik.WKL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\y2IovIcJWgkIJI.exe.tmp a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7be8bedd-49b0d913 a variant of Win32/Kryptik.WIZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6ee196e5-2c4f2baf multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\Desktop\Download.Internet\SoftonicDownloader_fuer_recuva.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\ALJOSCHA-PC\Backup Set 2011-06-12 190000\Backup Files 2011-06-12 190000\Backup files 7.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
E:\Backup Aljoscha PC-1\Backup 2011\Download.Internet\SoftonicDownloader_fuer_recuva.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\Download.Internet\Tecktonik_Track a variant of Win32/Hoax.ArchSMS.MC application (unable to clean) 00000000000000000000000000000000 I



Beste Grüsse
mig2900

cosinus 02.12.2011 12:39
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

mig2900 02.12.2011 14:06
Hello ;-) ist aber ein langer text?!

Hier :
OTL Logfile:
Code:
OTL logfile created on: 02.12.2011 12:51:45 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Aljoscha\Desktop\Download.Internet
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 61,32% Memory free
5,92 Gb Paging File | 4,26 Gb Available in Paging File | 71,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 99,11 Gb Free Space | 45,42% Space Free | Partition Type: NTFS
 
Computer Name: ALJOSCHA-PC | User Name: Aljoscha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.02 12:49:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aljoscha\Desktop\Download.Internet\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 23:36:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 16:12:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.11.17 20:55:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.13 22:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.10.15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.06.05 01:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SysWOW64\LckFldService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.13 21:48:10 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011.10.13 21:08:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011.10.13 21:07:29 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.13 21:07:14 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.13 21:06:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.13 21:06:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.13 21:06:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.13 21:06:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.01.07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.01.07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009.11.13 22:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 22:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 22:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 22:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 22:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 22:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.11.13 22:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 22:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.10.15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.07.14 18:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 23:36:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 16:12:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\LckFldService.exe -- (LckFldService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.28 23:36:35 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 23:36:35 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.26 08:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.03 04:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.05.20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006.11.01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.nzz.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.27 10:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.27 10:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.30 05:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.13 17:52:25 | 000,000,000 | ---D | M]
 
[2010.06.16 19:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Extensions
[2011.11.29 23:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Firefox\Profiles\0ozbl8j0.default\extensions
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Firefox\Profiles\0ozbl8j0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.11.30 05:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011.11.30 05:26:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.03 17:37:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.03 17:37:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.03 17:37:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.03 17:37:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.03 17:37:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.03 17:37:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.29 22:33:53 | 000,001,392 | RHS- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03498BA3-4DE9-4622-9EF0-8B4178EB8A68}: DhcpNameServer = 10.13.0.11 10.13.0.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42957C6A-F384-4280-ACAF-851E11AD9217}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.02 12:57:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.02 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5929301D-FFEF-47AC-8638-9CFB5391A8A6}
[2011.12.02 12:14:38 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{41CBBFE0-FF25-4C72-9168-F097EAADECF3}
[2011.12.02 05:39:51 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3CA00811-4DC0-4DAD-AA25-266283D1EA25}
[2011.12.02 05:39:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7BF4FD0C-87E1-4740-ADD1-E847E07ABF6A}
[2011.12.02 05:32:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{B49873D7-562F-4923-913E-7F5550865F8F}
[2011.12.02 05:29:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CB4C6CF4-9950-4D40-8179-AC0F6CEADF57}
[2011.12.02 05:29:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F7DC60E5-8F51-4694-9A3A-DD8F923BB4ED}
[2011.12.01 16:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.01 16:41:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{8D444F4D-20E8-4230-B329-9E18ABD6C1A6}
[2011.12.01 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{27523C21-A829-4FD5-9D07-03AD7429F8DC}
[2011.11.30 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{9F4ED6C2-8895-4E2A-81F0-80139B29F183}
[2011.11.30 23:04:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0E97EF2A-C1FE-46CB-894A-9CB15AE3D185}
[2011.11.30 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{C8C5C892-0EAF-4FEE-BE8E-3B0E600F1879}
[2011.11.30 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{80671B4A-4323-4C1D-AE4F-1E5924F22329}
[2011.11.30 06:34:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A6034760-894D-4F66-9814-3FE41155C3C1}
[2011.11.30 06:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.11.30 06:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.11.30 06:09:28 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{22809BD4-247C-452A-BAF7-CCE5C56D8EA2}
[2011.11.30 05:38:20 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{4102EDD6-AE70-4E64-92D8-5E851CAF6AA7}
[2011.11.30 05:38:05 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{64F3F6DE-B902-4302-A9F6-6DEDFB1C5A9A}
[2011.11.29 23:24:40 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{34B019C6-0BF2-40E7-B60E-0A0C878050BF}
[2011.11.29 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{72BF4062-5495-4EBC-83A0-B0FD2C3F77F7}
[2011.11.29 22:54:03 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{6D4142CD-03DD-4E62-8A4F-C8B806D9B09F}
[2011.11.29 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{378CC933-4E67-4F3B-8C75-6E2B888F3004}
[2011.11.29 22:39:08 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E03459B9-B97D-4DB5-9893-AA3C92373D9D}
[2011.11.29 22:33:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Roaming\Avira
[2011.11.29 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Roaming\DE0AF22F
[2011.11.29 21:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.11.29 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.11.29 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011.11.29 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D6793A46-B941-4A9D-965C-66E786FE1494}
[2011.11.29 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{21961260-38DB-4B73-97A4-6046F4BD59CA}
[2011.11.28 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{97CE90C9-BD92-4795-B922-8B44240DC37D}
[2011.11.28 23:13:40 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D462392A-3317-4294-8F23-9A490D28151A}
[2011.11.28 18:22:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{47186F47-D824-4AA5-936E-22DF7D775A33}
[2011.11.28 18:21:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F3A69E64-6413-40B0-9B5A-9B73F67B15BB}
[2011.11.28 15:56:35 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F6864713-59AE-4DCA-8798-87BEEDAA478A}
[2011.11.28 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AE43D275-5BEE-4A96-8B35-4FA063611DB0}
[2011.11.28 05:58:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{608211EC-D477-457C-98EB-035C497ABBDD}
[2011.11.28 05:58:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AA732E5A-919D-4D50-86B6-D76E2F9BDC72}
[2011.11.27 12:32:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{1D521699-AB48-4206-9E78-D9CEDD2E80C1}
[2011.11.27 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{86F114EF-6433-47DD-9E4B-8104C0340BD4}
[2011.11.26 13:18:58 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2E24101D-01E8-467C-83CE-F4CCD0837323}
[2011.11.26 13:18:46 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{294E12E4-B688-49A1-A26A-505A23939D23}
[2011.11.25 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F8E233B9-AA8D-472B-AC0D-3D52C84DA443}
[2011.11.25 19:51:26 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F5E58C33-8B63-4ADA-81D1-5825703C0729}
[2011.11.24 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{29A59DF4-1105-44B6-A19C-F6DDDB4A163A}
[2011.11.24 19:06:33 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{EAF81ACD-598B-48A1-97D8-D0EE3D1DF731}
[2011.11.23 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{72EDF034-2673-4A10-AA83-C9239B1501B0}
[2011.11.23 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{8C361C8F-4632-4F34-91D7-2428C30E9516}
[2011.11.23 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{767BAA6C-9C3A-4CA3-BF4B-C3A251247E0B}
[2011.11.23 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{9B40557F-6C85-4A3F-BB9C-2CEB357E1A78}
[2011.11.22 18:15:13 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7D033375-4BD5-4317-B44A-CB58B846F2E8}
[2011.11.22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5C09484A-CD2B-4357-AB8E-56C5435C295D}
[2011.11.21 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{252284D2-C8AB-4AC2-B798-AD924E325ABC}
[2011.11.21 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3AD35CF6-1A1C-4243-B700-E10F375A2ACA}
[2011.11.20 20:32:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0D17D9E5-AC9E-452A-BD98-109B6D55F9FC}
[2011.11.20 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E53FACAE-B990-4C23-933A-3B52C3093F96}
[2011.11.20 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CEB33404-31A9-49F6-AE89-D70E8ABA59D8}
[2011.11.19 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A1BE4F3A-E2FB-47CC-BA1B-CDB89BCBE9B2}
[2011.11.19 14:40:13 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{BF3CFA26-3DAE-4961-9638-7248F4B9372C}
[2011.11.18 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AD590832-62ED-4F87-A3C0-A1E2E8E200C6}
[2011.11.18 19:53:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{03138988-61B3-4FBB-A2FF-39D4070D54A0}
[2011.11.18 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{38DA45FC-A1ED-4665-B010-750C6135B666}
[2011.11.18 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{DE832595-DAC0-46D0-B122-64FFC6A3F84A}
[2011.11.18 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3CCF3E89-4DFC-44D0-B7AD-BD7433D29064}
[2011.11.18 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{DBBCFA39-E6A7-4382-9048-BB9A8BA56BA4}
[2011.11.17 16:58:30 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{B907E21F-AA69-460B-8442-D324D759F062}
[2011.11.17 16:58:07 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E905CFE9-9DE5-4656-832B-E835BE977A00}
[2011.11.17 06:52:02 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5AAB5C16-B174-47D7-84D7-3F621F419A1B}
[2011.11.17 06:51:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{841BA071-5642-4FD8-A09D-7BB15576CEE4}
[2011.11.16 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3F86EB81-5E26-4328-9541-1E3D9639D111}
[2011.11.16 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{FDAAFBC9-4857-4683-9F58-5CCDFAA8BCB5}
[2011.11.15 18:55:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{810034A3-0C62-4569-8DE5-8C3DF4B1215B}
[2011.11.15 18:54:32 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{DF3B8766-437D-4B7C-A967-CD21865647DC}
[2011.11.15 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{069C0EB2-A274-42DE-AD26-E893FC33C3A7}
[2011.11.15 07:45:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2D9F37C7-9027-44BE-AB1B-9AF907410AC5}
[2011.11.14 18:01:38 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7A178E96-2CE1-4489-A6B6-6315D0390AA0}
[2011.11.14 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{869607E5-6E36-4B32-A1EB-8B895A706172}
[2011.11.13 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{862C0113-ACC0-40B4-A781-10CF6DC6578F}
[2011.11.13 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CA78A8C7-1231-4429-9242-0FB517C7BD6B}
[2011.11.13 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3442E2D1-4D3D-4EFD-BC81-CA616243D776}
[2011.11.13 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{DB1712E5-BB06-437F-B7ED-AA5B0ABD119F}
[2011.11.13 02:27:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{90F91779-CF9D-462D-8515-FE340AD95822}
[2011.11.13 02:26:54 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{19FB0B54-BC8E-4115-B7D3-D48ED6DFA7CA}
[2011.11.12 17:03:08 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{07F7162E-51A2-46BC-ADD5-C056939A97D5}
[2011.11.12 17:02:56 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E2501CF0-6178-447A-84D4-F03618EC700F}
[2011.11.12 12:30:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{75E9F813-4C56-441E-9C4C-5ED7A6E46C83}
[2011.11.12 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{206DAEAF-0441-4606-990A-D0898CA6DDED}
[2011.11.12 05:08:20 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{1B414B82-B0DA-4C99-9C51-292A2FA26C73}
[2011.11.12 05:08:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A1A22CA7-3FCD-40B9-BEC7-9823D9D44104}
[2011.11.11 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{80AFB001-9060-4ADA-AD27-927CDE974576}
[2011.11.10 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{ECE1DBBE-9AE4-429A-9387-059AAF7B8C4B}
[2011.11.10 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{43B2523E-B11D-4CA4-9E1E-81DFE2CF2800}
[2011.11.10 06:39:45 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3A7238B2-587C-4A31-89BF-01AF1FA8BADC}
[2011.11.10 06:39:34 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{BE7CCE2D-8EBA-4323-99CB-5D9750E3D69C}
[2011.11.09 16:48:00 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{FD55A7C7-15E5-45D6-B0BF-79FBEF16E87B}
[2011.11.09 06:31:48 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{ABD5B9D7-0821-47C1-AE8F-4EDF562D5953}
[2011.11.09 06:31:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{1A04B7F5-A9FD-4990-B0A7-45F2B33B6908}
[2011.11.08 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{9EA81844-77F8-4229-A049-48CFD85563F0}
[2011.11.08 17:54:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3684A44C-E5B2-4FD3-8040-F91F26AB60C0}
[2011.11.08 06:03:07 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{70EDD2F0-6BB3-4007-B877-2E3903B7ECBE}
[2011.11.08 06:02:43 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{ED6D04BC-C40A-4ED7-8C35-89B7E5384AD7}
[2011.11.07 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{29A75E74-D975-49B7-AC1F-E4754F9EBE79}
[2011.11.07 18:12:47 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{DBBDFE68-E985-4EB6-B006-99C6F8191708}
[2011.11.07 18:08:56 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{4029D343-EB6E-4554-A2EB-2A4A650E92C5}
[2011.11.07 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2135FBC3-F684-403D-BC2B-C3E5152E60C6}
[2011.11.07 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2675EB04-41B9-4882-B963-68637A2B5D8E}
[2011.11.06 22:49:47 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AB4C57D0-048B-456A-BF88-4B3ABDBD9C65}
[2011.11.06 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{133BADEF-9198-465F-BFFD-8D572BDC3638}
[2011.11.06 12:55:51 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{98C7CF9D-91CA-45F5-B8DA-E65A2CBBE245}
[2011.11.06 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0588E47C-6449-4C47-8AF2-EBB44C8A9621}
[2011.11.05 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{ACF33DA4-9A16-49AA-91C3-0CA0F8AD78C1}
[2011.11.05 16:56:33 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{581DA47B-4745-4411-80E1-CB3205ABE9A6}
[2011.11.04 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{09DCAA58-6268-4597-9C6E-DB4B9FA98B42}
[2011.11.03 17:18:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F317D3BD-8EDF-444C-9473-26D8F919C856}
[2011.11.03 06:29:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E5051F29-8F12-4C1C-A9D9-F79C4E57393C}
[2011.11.03 06:28:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{419136A2-C5F5-4EA1-9E0C-3CE03038F9E7}
[2011.11.02 18:27:30 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{60C3B1A3-6796-4FCA-91F8-72D151517065}
[2011.11.02 18:27:07 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{084EE57B-188E-4409-AA61-27C13FF7A2C6}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.02 12:20:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 12:20:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 12:16:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.02 12:16:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.02 12:16:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.02 12:16:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.02 12:16:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.02 12:12:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.02 12:12:13 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.02 05:42:35 | 000,051,624 | ---- | M] () -- C:\Users\Aljoscha\Desktop\41090_1530787345736_1116315650_31553000_2290625_n.jpg
[2011.12.02 05:28:11 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.11.30 23:29:22 | 000,158,773 | ---- | M] () -- C:\Users\Aljoscha\Desktop\376477_10150493975490519_751125518_11020556_1807657921_n.jpg
[2011.11.30 18:18:35 | 000,012,526 | ---- | M] () -- C:\Users\Aljoscha\Desktop\Computer - Verknüpfung.lnk
[2011.11.29 22:33:53 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.29 21:57:28 | 000,001,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.27 12:01:32 | 000,376,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.19 14:39:20 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.02 05:42:26 | 000,051,624 | ---- | C] () -- C:\Users\Aljoscha\Desktop\41090_1530787345736_1116315650_31553000_2290625_n.jpg
[2011.11.30 23:29:19 | 000,158,773 | ---- | C] () -- C:\Users\Aljoscha\Desktop\376477_10150493975490519_751125518_11020556_1807657921_n.jpg
[2011.11.30 18:18:35 | 000,012,526 | ---- | C] () -- C:\Users\Aljoscha\Desktop\Computer - Verknüpfung.lnk
[2011.11.30 18:11:58 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.30 18:11:56 | 000,001,803 | ---- | C] () -- C:\Users\Aljoscha\Desktop\iTunes.lnk
[2011.11.30 18:11:52 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011.11.30 18:11:52 | 000,002,536 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.30 18:11:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.30 18:11:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.11.30 18:11:52 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2011.11.30 18:11:52 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.11.30 18:11:52 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.11.30 18:11:52 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.11.30 18:11:52 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.11.30 18:11:52 | 000,001,492 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.11.30 18:11:52 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.11.30 18:11:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.11.30 18:11:52 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.11.30 18:11:52 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.11.30 18:11:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.30 18:11:52 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.11.30 18:11:52 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.11.30 18:11:52 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.11.30 18:11:52 | 000,001,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2011.11.30 18:11:52 | 000,001,152 | ---- | C] () -- C:\Users\Aljoscha\Desktop\Mozilla Firefox.lnk
[2011.05.16 22:29:21 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe
[2011.03.22 23:19:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.03.22 23:18:18 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.12.26 21:28:17 | 000,000,617 | ---- | C] () -- C:\Windows\eReg.dat
[2010.06.19 14:01:58 | 000,000,000 | ---- | C] () -- C:\Users\Aljoscha\AppData\Roaming\wklnhst.dat
[2010.05.04 08:21:53 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.05.04 08:21:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010.05.04 08:21:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.05.04 08:21:50 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.11.29 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\DE0AF22F
[2011.11.29 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\GetRightToGo
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC
[2011.03.26 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.06.13 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PCDr
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PhotoScape
[2011.03.22 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Samsung
[2010.06.19 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Template
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\uTorrent
[2010.06.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WildTangent
[2010.11.22 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Windows Live Writer
[2011.11.19 14:39:20 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.30 11:41:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.02 05:28:11 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Adobe
[2011.05.27 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Apple Computer
[2011.11.29 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Avira
[2011.11.29 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\DE0AF22F
[2011.06.13 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Dell
[2011.03.06 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\DivX
[2011.11.29 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\GetRightToGo
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC
[2011.03.26 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.06.16 18:40:09 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Identities
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Macromedia
[2011.11.29 23:21:20 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Macrovision
[2010.12.26 01:35:42 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Media Center Programs
[2011.12.01 16:50:56 | 000,000,000 | --SD | M] -- C:\Users\Aljoscha\AppData\Roaming\Microsoft
[2011.11.29 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Mozilla
[2011.06.13 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PCDr
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PhotoScape
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Roxio
[2011.03.22 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Samsung
[2010.06.19 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Template
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\uTorrent
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\vlc
[2010.06.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WildTangent
[2010.11.22 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Windows Live Writer
[2010.10.28 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.26 15:02:11 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Aljoscha\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.09 12:58:45 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R228436\f6flpy64\IaStor.sys
[2009.06.05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
[2009.06.05 00:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\WINDOWS\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\WINDOWS\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
--- --- ---




Danke viel mal!

Beste Grüsse
mig2900

cosinus 02.12.2011 19:33
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/17
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.02 12:57:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.11.29 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Roaming\DE0AF22F
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

mig2900 03.12.2011 00:27
Ok habs gemacht :) Hier die Log Datei:


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Aljoscha\AppData\Roaming\DE0AF22F folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]


Gute nacht und danke!

cosinus 03.12.2011 14:23
Das Log ist leider nicht ganz vollständig

mig2900 03.12.2011 16:51
Was heisst unvollständig? ich glaube das ist alles was im Dokument geschrieben war. Was soll ich tun?

cosinus 04.12.2011 18:26
Dann fehlt aber der untere Teil. Bitte prüfen

mig2900 19.12.2011 21:38
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Folder C:\Users\Aljoscha\AppData\Roaming\DE0AF22F\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aljoscha
->Temp folder emptied: 26203919 bytes
->Temporary Internet Files folder emptied: 4410491 bytes
->Java cache emptied: 4555 bytes
->FireFox cache emptied: 37253600 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1141208 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5987756570 bytes

Total Files Cleaned = 5.776,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_213349

Files\Folders moved on Reboot...
C:\Users\Aljoscha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




das ist wirklich das ganze dokument!

Sorry für meine etwas längere Absenz.

beste Grüsse

cosinus 19.12.2011 21:42
Mach bitte ein neues OTL-Log. Und reagiere etwas schnelle, sonst wird das hier nichts

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

mig2900 19.12.2011 22:38
OTL Logfile:
Code:
OTL logfile created on: 19.12.2011 22:19:55 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Aljoscha\Desktop\Download.Internet
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,90% Memory free
5,92 Gb Paging File | 4,39 Gb Available in Paging File | 74,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 118,18 Gb Free Space | 54,16% Space Free | Partition Type: NTFS
 
Computer Name: ALJOSCHA-PC | User Name: Aljoscha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.19 21:33:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aljoscha\Desktop\Download.Internet\OTL.exe
PRC - [2011.12.19 19:14:57 | 000,037,376 | ---- | M] (SanctionedMedia) -- C:\Users\Aljoscha\AppData\Local\SanctionedMedia\Smad\Smad.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 23:36:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 16:12:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.11.17 20:55:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.13 22:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.10.15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.06.05 01:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SysWOW64\LckFldService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.13 21:48:10 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011.10.13 21:08:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011.10.13 21:08:43 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011.10.13 21:07:29 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.13 21:07:14 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.13 21:07:08 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011.10.13 21:06:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.13 21:06:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.13 21:06:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.13 21:06:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.01.07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.01.07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009.11.13 22:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 22:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 22:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 22:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 22:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 22:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.11.13 22:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 22:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.10.15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.07.14 18:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.07.14 18:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 23:36:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 16:12:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2005.06.22 18:23:18 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\LckFldService.exe -- (LckFldService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.28 23:36:35 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 23:36:35 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.26 08:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.03 04:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.05.20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006.11.01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.nzz.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.27 10:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.27 10:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.30 05:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.13 17:52:25 | 000,000,000 | ---D | M]
 
[2010.06.16 19:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Extensions
[2011.12.19 18:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Firefox\Profiles\0ozbl8j0.default\extensions
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Aljoscha\AppData\Roaming\mozilla\Firefox\Profiles\0ozbl8j0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.11.30 05:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011.11.30 05:26:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.03 17:37:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.03 17:37:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.03 17:37:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.03 17:37:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.03 17:37:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.03 17:37:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.19 21:34:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [Smad] C:\Users\Aljoscha\AppData\Local\SanctionedMedia\Smad\Smad.exe (SanctionedMedia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03498BA3-4DE9-4622-9EF0-8B4178EB8A68}: DhcpNameServer = 10.13.0.11 10.13.0.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42957C6A-F384-4280-ACAF-851E11AD9217}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 21:38:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{758B8275-7AA9-4FDA-AFC9-32A96AE1BDB2}
[2011.12.19 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{C7EAEDC0-4D3D-4B9B-BB0A-57399EB6ED8E}
[2011.12.19 19:14:57 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\SanctionedMedia
[2011.12.19 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{C9B27415-7A05-43CC-8DED-E1F8E605B3CC}
[2011.12.19 18:53:24 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{BBC4693A-C787-48A3-8E23-38FAB315A591}
[2011.12.18 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{BDF59F81-78A6-4C24-AC74-CCC7FCC9E646}
[2011.12.18 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{54502E9C-468E-4B7F-BB42-4B47EF75B790}
[2011.12.17 19:47:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011.12.17 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F2663BE3-00E9-4031-A711-1E50B5F5C99E}
[2011.12.17 19:21:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{69782684-2B2C-42C1-BE0A-B8BE1F569CCF}
[2011.12.17 12:27:28 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D72CBDF3-9B7F-452D-867F-E7F4095ED2BE}
[2011.12.17 12:27:16 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{1C7C88BC-3D2D-4ED6-9F13-A29F74401C24}
[2011.12.16 16:54:12 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5D6EE4FB-4A3B-47D0-B78B-7697824178E2}
[2011.12.16 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{61FE02E8-8F88-4986-BBCC-6E46C3948CA5}
[2011.12.14 12:26:59 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3409CFD3-0CC0-4912-84D6-C4503E1098FD}
[2011.12.12 15:04:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{32B1C8B5-E438-4D0D-AED7-F33D9157789F}
[2011.12.12 15:02:32 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5875EBB9-8FF1-45BD-A6CA-BCF71985F249}
[2011.12.11 15:36:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{BDA2351D-5F28-4DDE-8EF2-577A6A2E7CD8}
[2011.12.10 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3EEA4E5D-7345-488D-BEEE-8DA1A1FA79C5}
[2011.12.10 15:36:56 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5806E0C7-7268-41D0-8093-A61CBD1B162A}
[2011.12.09 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A6087960-3500-401F-AE19-07940544224D}
[2011.12.09 17:40:55 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3B423AF1-22BA-483B-A214-4FCD2B3F23A9}
[2011.12.09 11:04:33 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{4AF428DE-17F2-4925-8840-294152CC657B}
[2011.12.09 11:04:21 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5F31A0C9-4F71-4818-A8D1-6B09ECC30CAB}
[2011.12.08 11:19:27 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7A8D52F3-A5F5-477D-B731-5F43CD7A0B32}
[2011.12.08 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{06329C64-EF5C-42A7-895C-50E7EA055DEB}
[2011.12.06 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{FCB201CA-54B6-42A0-BFED-F5AC0D394A6B}
[2011.12.06 18:10:44 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AB67B7EA-C2C7-40B7-A57C-630CF50B7D75}
[2011.12.05 18:07:23 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2AA5262F-E0DD-44DD-B084-DE8D982D69DF}
[2011.12.05 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CECCCE8B-57D1-40C0-B73E-0DE4E42526CC}
[2011.12.03 12:58:31 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5079779A-93B2-4B66-A01A-A509E801E16D}
[2011.12.03 12:58:17 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5258DC39-5BBE-4436-B1A5-193B2E58DD14}
[2011.12.03 08:18:21 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{C1ED00DD-B0D3-4583-9BDA-F028A78476B3}
[2011.12.03 08:18:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E9F2C452-2552-4B66-8D2A-B34687DB8B28}
[2011.12.03 00:25:30 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A244B222-CA4E-4864-91CE-C9EAA8DCBC41}
[2011.12.03 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0F47F494-3EE7-4018-9B39-94DF2E6368F3}
[2011.12.03 00:19:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.03 00:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.12.03 00:02:59 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{FAA50038-85A0-4F11-98B9-F17E220AC978}
[2011.12.03 00:02:47 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D844DD01-6FFD-402D-AFFC-F38776334D9C}
[2011.12.02 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5929301D-FFEF-47AC-8638-9CFB5391A8A6}
[2011.12.02 12:14:38 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{41CBBFE0-FF25-4C72-9168-F097EAADECF3}
[2011.12.02 05:39:51 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3CA00811-4DC0-4DAD-AA25-266283D1EA25}
[2011.12.02 05:39:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7BF4FD0C-87E1-4740-ADD1-E847E07ABF6A}
[2011.12.02 05:32:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{B49873D7-562F-4923-913E-7F5550865F8F}
[2011.12.02 05:29:18 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CB4C6CF4-9950-4D40-8179-AC0F6CEADF57}
[2011.12.02 05:29:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F7DC60E5-8F51-4694-9A3A-DD8F923BB4ED}
[2011.12.01 16:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.01 16:41:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{8D444F4D-20E8-4230-B329-9E18ABD6C1A6}
[2011.12.01 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{27523C21-A829-4FD5-9D07-03AD7429F8DC}
[2011.11.30 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{9F4ED6C2-8895-4E2A-81F0-80139B29F183}
[2011.11.30 23:04:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0E97EF2A-C1FE-46CB-894A-9CB15AE3D185}
[2011.11.30 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{C8C5C892-0EAF-4FEE-BE8E-3B0E600F1879}
[2011.11.30 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{80671B4A-4323-4C1D-AE4F-1E5924F22329}
[2011.11.30 06:34:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{A6034760-894D-4F66-9814-3FE41155C3C1}
[2011.11.30 06:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.11.30 06:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.11.30 06:09:28 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{22809BD4-247C-452A-BAF7-CCE5C56D8EA2}
[2011.11.30 05:38:20 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{4102EDD6-AE70-4E64-92D8-5E851CAF6AA7}
[2011.11.30 05:38:05 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{64F3F6DE-B902-4302-A9F6-6DEDFB1C5A9A}
[2011.11.29 23:24:40 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{34B019C6-0BF2-40E7-B60E-0A0C878050BF}
[2011.11.29 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{72BF4062-5495-4EBC-83A0-B0FD2C3F77F7}
[2011.11.29 22:54:03 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{6D4142CD-03DD-4E62-8A4F-C8B806D9B09F}
[2011.11.29 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{378CC933-4E67-4F3B-8C75-6E2B888F3004}
[2011.11.29 22:39:08 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E03459B9-B97D-4DB5-9893-AA3C92373D9D}
[2011.11.29 22:33:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Roaming\Avira
[2011.11.29 21:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.11.29 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011.11.29 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D6793A46-B941-4A9D-965C-66E786FE1494}
[2011.11.29 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{21961260-38DB-4B73-97A4-6046F4BD59CA}
[2011.11.28 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{97CE90C9-BD92-4795-B922-8B44240DC37D}
[2011.11.28 23:13:40 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{D462392A-3317-4294-8F23-9A490D28151A}
[2011.11.28 18:22:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{47186F47-D824-4AA5-936E-22DF7D775A33}
[2011.11.28 18:21:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F3A69E64-6413-40B0-9B5A-9B73F67B15BB}
[2011.11.28 15:56:35 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F6864713-59AE-4DCA-8798-87BEEDAA478A}
[2011.11.28 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AE43D275-5BEE-4A96-8B35-4FA063611DB0}
[2011.11.28 05:58:49 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{608211EC-D477-457C-98EB-035C497ABBDD}
[2011.11.28 05:58:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{AA732E5A-919D-4D50-86B6-D76E2F9BDC72}
[2011.11.27 12:32:06 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{1D521699-AB48-4206-9E78-D9CEDD2E80C1}
[2011.11.27 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{86F114EF-6433-47DD-9E4B-8104C0340BD4}
[2011.11.26 13:18:58 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{2E24101D-01E8-467C-83CE-F4CCD0837323}
[2011.11.26 13:18:46 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{294E12E4-B688-49A1-A26A-505A23939D23}
[2011.11.25 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F8E233B9-AA8D-472B-AC0D-3D52C84DA443}
[2011.11.25 19:51:26 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{F5E58C33-8B63-4ADA-81D1-5825703C0729}
[2011.11.24 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{29A59DF4-1105-44B6-A19C-F6DDDB4A163A}
[2011.11.24 19:06:33 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{EAF81ACD-598B-48A1-97D8-D0EE3D1DF731}
[2011.11.23 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{72EDF034-2673-4A10-AA83-C9239B1501B0}
[2011.11.23 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{8C361C8F-4632-4F34-91D7-2428C30E9516}
[2011.11.23 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{767BAA6C-9C3A-4CA3-BF4B-C3A251247E0B}
[2011.11.23 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{9B40557F-6C85-4A3F-BB9C-2CEB357E1A78}
[2011.11.22 18:15:13 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{7D033375-4BD5-4317-B44A-CB58B846F2E8}
[2011.11.22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{5C09484A-CD2B-4357-AB8E-56C5435C295D}
[2011.11.21 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{252284D2-C8AB-4AC2-B798-AD924E325ABC}
[2011.11.21 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{3AD35CF6-1A1C-4243-B700-E10F375A2ACA}
[2011.11.20 20:32:01 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{0D17D9E5-AC9E-452A-BD98-109B6D55F9FC}
[2011.11.20 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{E53FACAE-B990-4C23-933A-3B52C3093F96}
[2011.11.20 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Aljoscha\AppData\Local\{CEB33404-31A9-49F6-AE89-D70E8ABA59D8}
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.19 21:44:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:44:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:36:21 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.19 21:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 21:35:33 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 21:34:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.12.19 21:26:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.19 21:26:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.19 21:26:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.19 21:26:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.19 21:26:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.19 21:11:18 | 000,309,643 | ---- | M] () -- C:\Users\Aljoscha\Desktop\1v5.jpg
[2011.12.18 03:03:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.15 19:56:28 | 000,376,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.03 00:12:13 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.19 21:11:17 | 000,309,643 | ---- | C] () -- C:\Users\Aljoscha\Desktop\1v5.jpg
[2011.12.17 19:47:35 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.17 19:47:33 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.11.30 18:11:58 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.30 18:11:52 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011.11.30 18:11:52 | 000,002,536 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.30 18:11:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.30 18:11:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.11.30 18:11:52 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2011.11.30 18:11:52 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.11.30 18:11:52 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.11.30 18:11:52 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.11.30 18:11:52 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.11.30 18:11:52 | 000,001,492 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.11.30 18:11:52 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.11.30 18:11:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.11.30 18:11:52 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.11.30 18:11:52 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.11.30 18:11:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.30 18:11:52 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.11.30 18:11:52 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.11.30 18:11:52 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.11.30 18:11:52 | 000,001,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2011.05.16 22:29:21 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe
[2011.03.22 23:19:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.03.22 23:18:18 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.12.26 21:28:17 | 000,000,617 | ---- | C] () -- C:\Windows\eReg.dat
[2010.06.19 14:01:58 | 000,000,000 | ---- | C] () -- C:\Users\Aljoscha\AppData\Roaming\wklnhst.dat
[2010.05.04 08:21:53 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.05.04 08:21:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010.05.04 08:21:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.05.04 08:21:50 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.11.29 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\GetRightToGo
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC
[2011.03.26 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.06.13 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PCDr
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PhotoScape
[2011.03.22 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Samsung
[2010.06.19 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Template
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\uTorrent
[2010.06.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WildTangent
[2010.11.22 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Windows Live Writer
[2011.12.18 03:03:03 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.30 11:41:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.19 21:36:21 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Adobe
[2011.05.27 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Apple Computer
[2011.11.29 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Avira
[2011.06.13 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Dell
[2011.03.06 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\DivX
[2011.11.29 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\GetRightToGo
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC
[2011.03.26 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.06.16 18:40:09 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Identities
[2011.11.29 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Macromedia
[2011.11.29 23:21:20 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Macrovision
[2010.12.26 01:35:42 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Media Center Programs
[2011.12.01 16:50:56 | 000,000,000 | --SD | M] -- C:\Users\Aljoscha\AppData\Roaming\Microsoft
[2011.11.29 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Mozilla
[2011.06.13 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PCDr
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\PhotoScape
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Roxio
[2011.03.22 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Samsung
[2010.06.19 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Template
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\uTorrent
[2011.11.29 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\vlc
[2010.06.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WildTangent
[2010.11.22 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\Windows Live Writer
[2010.10.28 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\Aljoscha\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.17 19:44:33 | 054,303,944 | ---- | M] (Dell Inc) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_64_02.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\1cb5b1c8-adad-40ea-bb6f-ffa05a6fe21f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\2ce500b8-38a6-4f0b-acd2-5dd0a230e2ee\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\660db76e-c732-46f9-bd86-748249498fbe\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\6882126f-36e0-4a20-8285-d634302aa7b8\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\6a3e426a-74ab-4c42-b0a4-a64cb5c1fed4\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\7f66c738-7f5a-4d0c-ba36-c87119e51af2\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\85a4e84d-359c-4a73-a575-b720009d15da\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\95f5fa78-d023-49c4-878e-7761c1e535cc\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\ac056cc9-6101-4291-9727-5517e2ab673d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Aljoscha\AppData\Roaming\PCDr\Update\Rules\eea291b6-cc08-40c1-a158-64fef67aa7c9\au_5899_rules\AddCertificate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R228436\f6flpy64\IaStor.sys
[2009.06.05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
[2009.06.05 00:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\WINDOWS\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\WINDOWS\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.06.08 06:14:53 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
--- --- ---


Hier das neue Logfile:)

Werde ab nun so schnell wie nur möglich antworten ;-)

Beste Grüsse

cosinus 19.12.2011 23:13
Ist rel. unauffällig...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

mig2900 20.12.2011 21:12
Ok fertig hier das Log des Kaperskyprogrammes:

21:08:59.0996 5024 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:09:00.0157 5024 ============================================================
21:09:00.0157 5024 Current date / time: 2011/12/20 21:09:00.0157
21:09:00.0157 5024 SystemInfo:
21:09:00.0157 5024
21:09:00.0157 5024 OS Version: 6.1.7600 ServicePack: 0.0
21:09:00.0157 5024 Product type: Workstation
21:09:00.0157 5024 ComputerName: ALJOSCHA-PC
21:09:00.0158 5024 UserName: Aljoscha
21:09:00.0158 5024 Windows directory: C:\Windows
21:09:00.0158 5024 System windows directory: C:\Windows
21:09:00.0158 5024 Running under WOW64
21:09:00.0158 5024 Processor architecture: Intel x64
21:09:00.0158 5024 Number of processors: 2
21:09:00.0158 5024 Page size: 0x1000
21:09:00.0158 5024 Boot type: Normal boot
21:09:00.0158 5024 ============================================================
21:09:00.0597 5024 Initialize success
21:10:00.0078 4804 ============================================================
21:10:00.0078 4804 Scan started
21:10:00.0078 4804 Mode: Manual; SigCheck; TDLFS;
21:10:00.0078 4804 ============================================================
21:10:00.0421 4804 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
21:10:00.0640 4804 1394ohci - ok
21:10:00.0780 4804 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:10:00.0811 4804 ACPI - ok
21:10:00.0920 4804 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:10:01.0030 4804 AcpiPmi - ok
21:10:01.0170 4804 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:10:01.0217 4804 adp94xx - ok
21:10:01.0357 4804 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:10:01.0388 4804 adpahci - ok
21:10:01.0513 4804 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:10:01.0544 4804 adpu320 - ok
21:10:01.0716 4804 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:10:01.0841 4804 AFD - ok
21:10:01.0966 4804 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:10:01.0997 4804 agp440 - ok
21:10:02.0028 4804 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:10:02.0044 4804 aliide - ok
21:10:02.0059 4804 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:10:02.0075 4804 amdide - ok
21:10:02.0122 4804 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:10:02.0200 4804 AmdK8 - ok
21:10:02.0293 4804 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:10:02.0356 4804 AmdPPM - ok
21:10:02.0480 4804 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:10:02.0512 4804 amdsata - ok
21:10:02.0574 4804 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:10:02.0605 4804 amdsbs - ok
21:10:02.0652 4804 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:10:02.0699 4804 amdxata - ok
21:10:02.0855 4804 ApfiltrService (9b0b7fde049cb283fabe5877a49f2611) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:10:02.0948 4804 ApfiltrService - ok
21:10:03.0011 4804 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:10:03.0120 4804 AppID - ok
21:10:03.0260 4804 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:10:03.0292 4804 arc - ok
21:10:03.0307 4804 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:10:03.0338 4804 arcsas - ok
21:10:03.0385 4804 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:10:03.0541 4804 AsyncMac - ok
21:10:03.0588 4804 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:10:03.0619 4804 atapi - ok
21:10:03.0697 4804 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:10:03.0713 4804 avgntflt - ok
21:10:03.0822 4804 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:10:03.0838 4804 avipbb - ok
21:10:03.0884 4804 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:10:03.0978 4804 b06bdrv - ok
21:10:04.0072 4804 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:10:04.0118 4804 b57nd60a - ok
21:10:04.0290 4804 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:10:04.0321 4804 BCM42RLY - ok
21:10:04.0446 4804 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:10:04.0540 4804 BCM43XX - ok
21:10:04.0711 4804 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:10:04.0805 4804 Beep - ok
21:10:04.0930 4804 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:10:04.0992 4804 blbdrive - ok
21:10:05.0117 4804 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:10:05.0195 4804 bowser - ok
21:10:05.0242 4804 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:10:05.0288 4804 BrFiltLo - ok
21:10:05.0304 4804 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:10:05.0320 4804 BrFiltUp - ok
21:10:05.0366 4804 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:10:05.0444 4804 Brserid - ok
21:10:05.0460 4804 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:10:05.0522 4804 BrSerWdm - ok
21:10:05.0554 4804 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:10:05.0600 4804 BrUsbMdm - ok
21:10:05.0616 4804 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:10:05.0647 4804 BrUsbSer - ok
21:10:05.0694 4804 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:10:05.0741 4804 BTHMODEM - ok
21:10:05.0881 4804 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:10:05.0959 4804 cdfs - ok
21:10:06.0084 4804 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:10:06.0131 4804 cdrom - ok
21:10:06.0178 4804 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:10:06.0209 4804 circlass - ok
21:10:06.0271 4804 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:10:06.0302 4804 CLFS - ok
21:10:06.0412 4804 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:10:06.0458 4804 CmBatt - ok
21:10:06.0490 4804 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:10:06.0505 4804 cmdide - ok
21:10:06.0552 4804 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:10:06.0646 4804 CNG - ok
21:10:06.0770 4804 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:10:06.0802 4804 Compbatt - ok
21:10:06.0833 4804 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:10:06.0880 4804 CompositeBus - ok
21:10:06.0911 4804 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:10:06.0926 4804 crcdisk - ok
21:10:07.0067 4804 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:10:07.0145 4804 DfsC - ok
21:10:07.0254 4804 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:10:07.0348 4804 discache - ok
21:10:07.0488 4804 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:10:07.0519 4804 Disk - ok
21:10:07.0582 4804 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:10:07.0644 4804 drmkaud - ok
21:10:07.0784 4804 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:10:07.0816 4804 DXGKrnl - ok
21:10:07.0972 4804 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:10:08.0174 4804 ebdrv - ok
21:10:08.0299 4804 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:10:08.0346 4804 elxstor - ok
21:10:08.0377 4804 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:10:08.0440 4804 ErrDev - ok
21:10:08.0564 4804 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:10:08.0642 4804 exfat - ok
21:10:08.0767 4804 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:10:08.0861 4804 fastfat - ok
21:10:08.0970 4804 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:10:09.0017 4804 fdc - ok
21:10:09.0126 4804 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:10:09.0157 4804 FileInfo - ok
21:10:09.0173 4804 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:10:09.0266 4804 Filetrace - ok
21:10:09.0376 4804 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:10:09.0407 4804 flpydisk - ok
21:10:09.0516 4804 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:10:09.0563 4804 FltMgr - ok
21:10:09.0641 4804 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:10:09.0672 4804 FsDepends - ok
21:10:09.0703 4804 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:10:09.0719 4804 Fs_Rec - ok
21:10:09.0812 4804 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:10:09.0859 4804 fvevol - ok
21:10:09.0906 4804 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:10:09.0922 4804 gagp30kx - ok
21:10:09.0984 4804 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:10:10.0000 4804 GEARAspiWDM - ok
21:10:10.0046 4804 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:10:10.0093 4804 hcw85cir - ok
21:10:10.0109 4804 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:10:10.0156 4804 HDAudBus - ok
21:10:10.0187 4804 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:10:10.0234 4804 HidBatt - ok
21:10:10.0265 4804 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:10:10.0343 4804 HidBth - ok
21:10:10.0374 4804 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:10:10.0421 4804 HidIr - ok
21:10:10.0452 4804 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:10:10.0499 4804 HidUsb - ok
21:10:10.0546 4804 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:10:10.0577 4804 HpSAMD - ok
21:10:10.0702 4804 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:10:10.0780 4804 HTCAND64 - ok
21:10:10.0920 4804 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
21:10:10.0936 4804 htcnprot - ok
21:10:11.0029 4804 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:10:11.0138 4804 HTTP - ok
21:10:11.0232 4804 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:10:11.0263 4804 hwpolicy - ok
21:10:11.0294 4804 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:10:11.0326 4804 i8042prt - ok
21:10:11.0372 4804 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:10:11.0388 4804 iaStor - ok
21:10:11.0450 4804 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:10:11.0497 4804 iaStorV - ok
21:10:11.0778 4804 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:10:12.0043 4804 igfx - ok
21:10:12.0121 4804 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:10:12.0152 4804 iirsp - ok
21:10:12.0184 4804 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:10:12.0199 4804 intelide - ok
21:10:12.0230 4804 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:10:12.0277 4804 intelppm - ok
21:10:12.0308 4804 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:10:12.0386 4804 IpFilterDriver - ok
21:10:12.0418 4804 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:10:12.0464 4804 IPMIDRV - ok
21:10:12.0496 4804 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:10:12.0589 4804 IPNAT - ok
21:10:12.0667 4804 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:10:12.0745 4804 IRENUM - ok
21:10:12.0792 4804 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:10:12.0823 4804 isapnp - ok
21:10:12.0854 4804 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:10:12.0870 4804 iScsiPrt - ok
21:10:12.0995 4804 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:10:13.0026 4804 kbdclass - ok
21:10:13.0057 4804 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:10:13.0120 4804 kbdhid - ok
21:10:13.0229 4804 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:10:13.0260 4804 KSecDD - ok
21:10:13.0291 4804 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:10:13.0322 4804 KSecPkg - ok
21:10:13.0369 4804 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:10:13.0447 4804 ksthunk - ok
21:10:13.0588 4804 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:10:13.0666 4804 lltdio - ok
21:10:13.0697 4804 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:10:13.0728 4804 LSI_FC - ok
21:10:13.0759 4804 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:10:13.0775 4804 LSI_SAS - ok
21:10:13.0806 4804 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:10:13.0822 4804 LSI_SAS2 - ok
21:10:13.0837 4804 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:10:13.0868 4804 LSI_SCSI - ok
21:10:13.0915 4804 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:10:13.0993 4804 luafv - ok
21:10:14.0102 4804 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:10:14.0118 4804 MBAMProtector - ok
21:10:14.0180 4804 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:10:14.0212 4804 megasas - ok
21:10:14.0258 4804 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:10:14.0290 4804 MegaSR - ok
21:10:14.0321 4804 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:10:14.0399 4804 Modem - ok
21:10:14.0430 4804 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:10:14.0492 4804 monitor - ok
21:10:14.0555 4804 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:10:14.0586 4804 mouclass - ok
21:10:14.0602 4804 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:10:14.0633 4804 mouhid - ok
21:10:14.0664 4804 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:10:14.0695 4804 mountmgr - ok
21:10:14.0726 4804 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:10:14.0758 4804 mpio - ok
21:10:14.0789 4804 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:10:14.0882 4804 mpsdrv - ok
21:10:14.0914 4804 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:10:14.0960 4804 MRxDAV - ok
21:10:15.0007 4804 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:10:15.0054 4804 mrxsmb - ok
21:10:15.0101 4804 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:10:15.0163 4804 mrxsmb10 - ok
21:10:15.0194 4804 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:10:15.0241 4804 mrxsmb20 - ok
21:10:15.0272 4804 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
21:10:15.0304 4804 msahci - ok
21:10:15.0319 4804 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:10:15.0350 4804 msdsm - ok
21:10:15.0382 4804 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:10:15.0444 4804 Msfs - ok
21:10:15.0460 4804 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:10:15.0522 4804 mshidkmdf - ok
21:10:15.0569 4804 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:10:15.0584 4804 msisadrv - ok
21:10:15.0616 4804 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:10:15.0694 4804 MSKSSRV - ok
21:10:15.0694 4804 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:15.0740 4804 MSPCLOCK - ok
21:10:15.0756 4804 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:10:15.0803 4804 MSPQM - ok
21:10:15.0834 4804 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:10:15.0881 4804 MsRPC - ok
21:10:15.0912 4804 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:10:15.0943 4804 mssmbios - ok
21:10:15.0959 4804 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:10:16.0037 4804 MSTEE - ok
21:10:16.0037 4804 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:10:16.0068 4804 MTConfig - ok
21:10:16.0099 4804 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:10:16.0130 4804 Mup - ok
21:10:16.0177 4804 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:10:16.0255 4804 NativeWifiP - ok
21:10:16.0318 4804 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:10:16.0380 4804 NDIS - ok
21:10:16.0396 4804 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:10:16.0458 4804 NdisCap - ok
21:10:16.0489 4804 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:10:16.0552 4804 NdisTapi - ok
21:10:16.0583 4804 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:10:16.0661 4804 Ndisuio - ok
21:10:16.0692 4804 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:10:16.0770 4804 NdisWan - ok
21:10:16.0817 4804 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:10:16.0879 4804 NDProxy - ok
21:10:16.0926 4804 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:10:17.0004 4804 NetBIOS - ok
21:10:17.0144 4804 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:10:17.0222 4804 NetBT - ok
21:10:17.0254 4804 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:10:17.0285 4804 nfrd960 - ok
21:10:17.0300 4804 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:10:17.0378 4804 Npfs - ok
21:10:17.0410 4804 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:10:17.0472 4804 nsiproxy - ok
21:10:17.0612 4804 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:10:17.0768 4804 Ntfs - ok
21:10:17.0846 4804 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:10:17.0940 4804 Null - ok
21:10:17.0971 4804 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:10:18.0002 4804 nvraid - ok
21:10:18.0049 4804 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:10:18.0080 4804 nvstor - ok
21:10:18.0112 4804 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:10:18.0143 4804 nv_agp - ok
21:10:18.0190 4804 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:10:18.0268 4804 ohci1394 - ok
21:10:18.0408 4804 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:10:18.0439 4804 Parport - ok
21:10:18.0455 4804 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:10:18.0486 4804 partmgr - ok
21:10:18.0517 4804 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:10:18.0533 4804 pci - ok
21:10:18.0548 4804 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:10:18.0564 4804 pciide - ok
21:10:18.0595 4804 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:10:18.0611 4804 pcmcia - ok
21:10:18.0642 4804 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:10:18.0658 4804 pcw - ok
21:10:18.0704 4804 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:10:18.0814 4804 PEAUTH - ok
21:10:18.0938 4804 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:10:19.0016 4804 PptpMiniport - ok
21:10:19.0048 4804 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:10:19.0110 4804 Processor - ok
21:10:19.0157 4804 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:10:19.0235 4804 Psched - ok
21:10:19.0266 4804 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:10:19.0297 4804 PxHlpa64 - ok
21:10:19.0375 4804 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:10:19.0484 4804 ql2300 - ok
21:10:19.0516 4804 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:10:19.0547 4804 ql40xx - ok
21:10:19.0578 4804 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:10:19.0640 4804 QWAVEdrv - ok
21:10:19.0656 4804 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:10:19.0734 4804 RasAcd - ok
21:10:19.0796 4804 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:10:19.0874 4804 RasAgileVpn - ok
21:10:19.0906 4804 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:19.0952 4804 Rasl2tp - ok
21:10:19.0999 4804 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:20.0077 4804 RasPppoe - ok
21:10:20.0186 4804 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:10:20.0264 4804 RasSstp - ok
21:10:20.0296 4804 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:10:20.0358 4804 rdbss - ok
21:10:20.0389 4804 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:10:20.0420 4804 rdpbus - ok
21:10:20.0436 4804 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:20.0514 4804 RDPCDD - ok
21:10:20.0561 4804 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:10:20.0639 4804 RDPENCDD - ok
21:10:20.0686 4804 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:10:20.0732 4804 RDPREFMP - ok
21:10:20.0764 4804 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:10:20.0826 4804 RDPWD - ok
21:10:20.0873 4804 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:10:20.0904 4804 rdyboost - ok
21:10:21.0029 4804 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:10:21.0107 4804 rspndr - ok
21:10:21.0154 4804 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
21:10:21.0200 4804 RSUSBSTOR - ok
21:10:21.0278 4804 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:10:21.0294 4804 sbp2port - ok
21:10:21.0325 4804 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:10:21.0403 4804 scfilter - ok
21:10:21.0528 4804 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:10:21.0622 4804 secdrv - ok
21:10:21.0668 4804 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:10:21.0700 4804 Serenum - ok
21:10:21.0715 4804 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:10:21.0762 4804 Serial - ok
21:10:21.0793 4804 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:10:21.0824 4804 sermouse - ok
21:10:21.0856 4804 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:10:21.0918 4804 sffdisk - ok
21:10:21.0918 4804 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:10:21.0965 4804 sffp_mmc - ok
21:10:21.0965 4804 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:10:21.0996 4804 sffp_sd - ok
21:10:22.0012 4804 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:10:22.0043 4804 sfloppy - ok
21:10:22.0136 4804 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:10:22.0168 4804 SiSRaid2 - ok
21:10:22.0199 4804 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:10:22.0230 4804 SiSRaid4 - ok
21:10:22.0246 4804 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:10:22.0339 4804 Smb - ok
21:10:22.0370 4804 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:10:22.0386 4804 spldr - ok
21:10:22.0464 4804 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:10:22.0542 4804 srv - ok
21:10:22.0651 4804 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:10:22.0729 4804 srv2 - ok
21:10:22.0838 4804 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:10:22.0901 4804 srvnet - ok
21:10:22.0994 4804 StarOpen - ok
21:10:23.0041 4804 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:10:23.0057 4804 stexstor - ok
21:10:23.0104 4804 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:10:23.0182 4804 STHDA - ok
21:10:23.0291 4804 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:10:23.0322 4804 swenum - ok
21:10:23.0416 4804 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:10:23.0556 4804 Tcpip - ok
21:10:23.0696 4804 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:10:23.0743 4804 TCPIP6 - ok
21:10:23.0852 4804 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:10:23.0930 4804 tcpipreg - ok
21:10:23.0962 4804 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:10:24.0008 4804 TDPIPE - ok
21:10:24.0024 4804 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:10:24.0086 4804 TDTCP - ok
21:10:24.0149 4804 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:10:24.0227 4804 tdx - ok
21:10:24.0305 4804 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:10:24.0336 4804 TermDD - ok
21:10:24.0367 4804 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:24.0430 4804 tssecsrv - ok
21:10:24.0523 4804 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:10:24.0601 4804 tunnel - ok
21:10:24.0632 4804 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:10:24.0664 4804 uagp35 - ok
21:10:24.0695 4804 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
21:10:24.0773 4804 udfs - ok
21:10:24.0866 4804 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:10:24.0898 4804 uliagpkx - ok
21:10:24.0929 4804 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:10:24.0976 4804 umbus - ok
21:10:25.0007 4804 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:10:25.0069 4804 UmPass - ok
21:10:25.0163 4804 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:10:25.0241 4804 USBAAPL64 - ok
21:10:25.0272 4804 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys
21:10:25.0350 4804 usbccgp - ok
21:10:25.0381 4804 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:10:25.0428 4804 usbcir - ok
21:10:25.0522 4804 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
21:10:25.0553 4804 usbehci - ok
21:10:25.0631 4804 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
21:10:25.0693 4804 usbhub - ok
21:10:25.0740 4804 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
21:10:25.0787 4804 usbohci - ok
21:10:25.0849 4804 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:10:25.0896 4804 usbprint - ok
21:10:25.0974 4804 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:26.0036 4804 USBSTOR - ok
21:10:26.0099 4804 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
21:10:26.0146 4804 usbuhci - ok
21:10:26.0192 4804 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:10:26.0224 4804 vdrvroot - ok
21:10:26.0255 4804 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:26.0286 4804 vga - ok
21:10:26.0317 4804 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:10:26.0395 4804 VgaSave - ok
21:10:26.0442 4804 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:10:26.0473 4804 vhdmp - ok
21:10:26.0489 4804 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:10:26.0504 4804 viaide - ok
21:10:26.0520 4804 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:10:26.0551 4804 volmgr - ok
21:10:26.0567 4804 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:10:26.0598 4804 volmgrx - ok
21:10:26.0614 4804 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:10:26.0645 4804 volsnap - ok
21:10:26.0660 4804 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:10:26.0692 4804 vsmraid - ok
21:10:26.0738 4804 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:10:26.0770 4804 vwifibus - ok
21:10:26.0801 4804 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:10:26.0863 4804 vwififlt - ok
21:10:26.0910 4804 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:10:26.0957 4804 WacomPen - ok
21:10:26.0988 4804 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:27.0066 4804 WANARP - ok
21:10:27.0066 4804 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:27.0097 4804 Wanarpv6 - ok
21:10:27.0222 4804 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:10:27.0238 4804 Wd - ok
21:10:27.0284 4804 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:10:27.0347 4804 Wdf01000 - ok
21:10:27.0378 4804 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:10:27.0409 4804 WfpLwf - ok
21:10:27.0456 4804 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:10:27.0487 4804 WimFltr - ok
21:10:27.0518 4804 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:10:27.0550 4804 WIMMount - ok
21:10:27.0643 4804 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
21:10:27.0721 4804 WinUsb - ok
21:10:27.0846 4804 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:10:27.0893 4804 WmiAcpi - ok
21:10:28.0018 4804 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:10:28.0096 4804 ws2ifsl - ok
21:10:28.0267 4804 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
21:10:28.0314 4804 WudfPf - ok
21:10:28.0439 4804 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:28.0486 4804 WUDFRd - ok
21:10:28.0579 4804 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
21:10:28.0626 4804 yukonw7 - ok
21:10:28.0657 4804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:10:28.0751 4804 \Device\Harddisk0\DR0 - ok
21:10:28.0751 4804 Boot (0x1200) (e046e586dca1d3676f4e4c4c65941585) \Device\Harddisk0\DR0\Partition0
21:10:28.0766 4804 \Device\Harddisk0\DR0\Partition0 - ok
21:10:28.0798 4804 Boot (0x1200) (dee60f1d0cc5f6d446b2f63833a65db5) \Device\Harddisk0\DR0\Partition1
21:10:28.0798 4804 \Device\Harddisk0\DR0\Partition1 - ok
21:10:28.0798 4804 ============================================================
21:10:28.0798 4804 Scan finished
21:10:28.0798 4804 ============================================================
21:10:28.0829 3068 Detected object count: 0
21:10:28.0829 3068 Actual detected object count: 0



Liebe Grüsse

cosinus 20.12.2011 22:06
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

mig2900 21.12.2011 06:37
Wow, er hatte mehr als 1 Stunde für die Log Datei zu öffnen.

Hier ist sie:

Combofix Logfile:
Code:
ComboFix 11-12-20.04 - Aljoscha 20.12.2011  22:50:34.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.41.1031.18.3032.1774 [GMT 1:00]
ausgeführt von:: c:\users\Aljoscha\Desktop\Download.Internet\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aljoscha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Aljoscha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-20 bis 2011-12-20  ))))))))))))))))))))))))))))))
.
.
2011-12-20 22:11 . 2011-12-20 22:11        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{000511EA-D11E-4785-8373-DAAC9762B11D}\offreg.dll
2011-12-20 22:04 . 2011-12-20 22:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-19 18:14 . 2011-12-19 18:14        --------        d-----w-        c:\users\Aljoscha\AppData\Local\SanctionedMedia
2011-12-16 15:57 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{000511EA-D11E-4785-8373-DAAC9762B11D}\mpengine.dll
2011-12-15 13:04 . 2011-11-24 05:00        3141632        ----a-w-        c:\windows\system32\win32k.sys
2011-12-15 13:04 . 2011-10-15 06:25        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-15 13:04 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-15 13:03 . 2011-11-05 05:17        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-15 13:03 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-06 20:26 . 2011-12-06 20:26        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-02 23:19 . 2011-12-02 23:19        --------        d-----w-        C:\_OTL
2011-12-01 15:48 . 2011-12-01 15:48        --------        d-----w-        c:\program files (x86)\ESET
2011-11-30 05:16 . 2011-11-30 05:16        --------        d-----w-        c:\program files\Recuva
2011-11-29 21:33 . 2011-11-29 21:33        --------        d-----w-        c:\users\Aljoscha\AppData\Roaming\Avira
2011-11-29 20:57 . 2011-11-29 22:21        --------        d-----w-        c:\programdata\McAfee Security Scan
2011-11-29 20:57 . 2011-12-02 23:12        --------        d-----w-        c:\program files (x86)\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:24 . 2011-11-09 16:14        1897328        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"Regedit32"="c:\windows\system32\regedit.exe" [2009-07-14 398336]
"Smad"="c:\users\Aljoscha\AppData\Local\SanctionedMedia\Smad\Smad.exe" [2011-12-19 37376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-17 281768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60
FF - ProfilePath - c:\users\Aljoscha\AppData\Roaming\Mozilla\Firefox\Profiles\0ozbl8j0.default\
FF - prefs.js: browser.startup.homepage - Startseite (NZZ Online, Neue Zürcher Zeitung)
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3546249737-3821523701-249999015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3546249737-3821523701-249999015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\LckFldService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-20  23:41:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-20 22:41
.
Vor Suchlauf: 17 Verzeichnis(se), 126'362'079'232 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 126'013'595'648 Bytes frei
.
- - End Of File - - D198B0C8F53EA4E47857A873B081512D
--- --- ---

Schönen Tag !

cosinus 21.12.2011 10:12
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

mig2900 21.12.2011 20:01
Am Anfang hat sich der Laptop aufgehängt beim Scannen, als ich es ein zweites mal probierte hat es geklappt, hier das Logfile:

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 19:32:30
-----------------------------
19:32:30.122 OS Version: Windows x64 6.1.7600
19:32:30.122 Number of processors: 2 586 0x170A
19:32:30.122 ComputerName: ALJOSCHA-PC UserName: Aljoscha
19:32:31.464 Initialize success
19:32:40.044 AVAST engine defs: 11122101
19:32:57.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:32:57.796 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
19:32:57.812 Disk 0 MBR read successfully
19:32:57.812 Disk 0 MBR scan
19:32:57.828 Disk 0 Windows 7 default MBR code
19:32:57.828 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:32:57.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:32:57.874 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
19:32:57.874 Service scanning
19:33:00.698 Modules scanning
19:33:00.698 Disk 0 trace - called modules:
19:33:00.729 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:33:00.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031d0060]
19:33:00.745 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e99050]
19:33:01.884 AVAST engine scan C:\Windows
19:33:08.841 AVAST engine scan C:\Windows\system32
19:36:10.079 AVAST engine scan C:\Windows\system32\drivers
19:36:20.718 AVAST engine scan C:\Users\Aljoscha
19:37:56.374 File: C:\Users\Aljoscha\AppData\Local\SanctionedMedia\Smad\Smad.exe **INFECTED** Win32:Dropper-gen [Drp]
19:53:10.926 AVAST engine scan C:\ProgramData
19:57:11.509 Scan finished successfully
19:57:45.991 Disk 0 MBR has been saved successfully to "C:\Users\Aljoscha\Desktop\MBR.dat"
19:57:45.998 The log file has been saved successfully to "C:\Users\Aljoscha\Desktop\aswMBR.txt"


Beste Grüsse & Danke

cosinus 21.12.2011 20:44
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code:
:Files
C:\Users\Aljoscha\AppData\Local\SanctionedMedia
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!


Mach danach auch ein neues Log mit aswMBR bitte

mig2900 21.12.2011 23:10
Hey, beide Logs gemacht, hier erst einmal den OTL Log:

All processes killed
========== FILES ==========
C:\Users\Aljoscha\AppData\Local\SanctionedMedia\Smad folder moved successfully.
C:\Users\Aljoscha\AppData\Local\SanctionedMedia folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aljoscha
->Temp folder emptied: 49420876 bytes
->Temporary Internet Files folder emptied: 50187196 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37233811 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4286 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 309643 bytes

Total Files Cleaned = 131,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_223041

Files\Folders moved on Reboot...
C:\Users\Aljoscha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Und hier das aswMBR Log:

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 22:40:33
-----------------------------
22:40:33.989 OS Version: Windows x64 6.1.7600
22:40:33.989 Number of processors: 2 586 0x170A
22:40:33.989 ComputerName: ALJOSCHA-PC UserName: Aljoscha
22:40:34.940 Initialize success
22:42:20.935 AVAST engine defs: 11122102
22:42:31.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:42:31.402 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:42:31.418 Disk 0 MBR read successfully
22:42:31.418 Disk 0 MBR scan
22:42:31.434 Disk 0 Windows 7 default MBR code
22:42:31.434 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:42:31.449 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:42:31.465 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
22:42:31.480 Service scanning
22:42:37.830 Modules scanning
22:42:37.830 Disk 0 trace - called modules:
22:42:37.845 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:42:37.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003300060]
22:42:37.861 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e72050]
22:42:39.109 AVAST engine scan C:\Windows
22:42:44.725 AVAST engine scan C:\Windows\system32
22:45:23.201 AVAST engine scan C:\Windows\system32\drivers
22:45:35.135 AVAST engine scan C:\Users\Aljoscha
23:02:07.689 AVAST engine scan C:\ProgramData
23:06:01.003 Scan finished successfully
23:07:03.138 Disk 0 MBR has been saved successfully to "C:\Users\Aljoscha\Desktop\MBR.dat"
23:07:03.169 The log file has been saved successfully to "C:\Users\Aljoscha\Desktop\aswMBR.txt"
23:07:34.179 Disk 0 MBR has been saved successfully to "C:\Users\Aljoscha\Desktop\MBR.dat"
23:07:34.179 The log file has been saved successfully to "C:\Users\Aljoscha\Desktop\aswMBRs.txt"




Schönen Abend & Danke

cosinus 22.12.2011 09:18
Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten



Mach danach zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


mig2900 26.12.2011 18:34
Hi, alles gemacht.

1. Upload war erfolgreich

2. Malwarebyteslog :

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 911122601

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.12.2011 12:31:03
mbam-log-2011-12-26 (12-30-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 370860
Laufzeit: 1 Stunde(n), 7 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Smad (Trojan.Agent) -> Value: Smad -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Aljoscha\Desktop\download.internet\softonicdownloader_fuer_recuva.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
c:\WINDOWS\System32\regedit.exe (Trojan.Agent) -> No action taken.





3. SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 12/26/2011 at 03:06 PM

Application Version : 5.0.1142

Core Rules Database Version : 8087
Trace Rules Database Version: 5899

Scan type : Complete Scan
Total Scan Time : 02:27:12

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 592
Memory threats detected : 0
Registry items scanned : 74143
Registry threats detected : 0
File items scanned : 186546
File threats detected : 363

Adware.Tracking Cookie
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@adx.chip[1].txt [ /adx.chip ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@apmebf[1].txt [ /apmebf ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@microsoftxbox.112.2o7[1].txt [ /microsoftxbox.112.2o7 ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@smartadserver[2].txt [ /smartadserver ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\aljoscha@tradedoubler[2].txt [ /tradedoubler ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\R7VF8S0A.txt [ /atdmt.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\1CPS6QJX.txt [ /bs.serving-sys.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\U3KYLX5F.txt [ /adform.net ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\2EJ86257.txt [ /serving-sys.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\O5DHE8U4.txt [ /mediaplex.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\C7ZK501I.txt [ /microsoftwllivemkt.112.2o7.net ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\SJA9BRA0.txt [ /dfg-store.trymedia.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\HEUXPX7T.txt [ /track.adform.net ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\BV4CQGWC.txt [ /zedo.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\HSY0LER6.txt [ /adfarm1.adition.com ]
C:\Users\Aljoscha\AppData\Roaming\Microsoft\Windows\Cookies\BKT6WX6Z.txt [ /doubleclick.net ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\GCNAUJQQ.txt [ Cookie:aljoscha@clkads.com/adServe/banners/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\TL0Q55OD.txt [ Cookie:aljoscha@clkads.com/adServe/banners ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2XINU9KR.txt [ Cookie:aljoscha@atdmt.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\J5L22ENQ.txt [ Cookie:aljoscha@c.atdmt.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\aljoscha@adtech[1].txt [ Cookie:aljoscha@adtech.de/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\aljoscha@apmebf[1].txt [ Cookie:aljoscha@apmebf.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\aljoscha@bs.serving-sys[2].txt [ Cookie:aljoscha@bs.serving-sys.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5363GNW.txt [ Cookie:aljoscha@zanox.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\5I91T512.txt [ Cookie:aljoscha@mediaplex.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\5X8G2Y3R.txt [ Cookie:aljoscha@ww251.smartadserver.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\aljoscha@msnportal.112.2o7[2].txt [ Cookie:aljoscha@msnportal.112.2o7.net/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DYNF648.txt [ Cookie:aljoscha@ad2.adfarm1.adition.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DIHEI95T.txt [ Cookie:aljoscha@smartadserver.com/ ]
C:\USERS\ALJOSCHA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ME13G13.txt [ Cookie:aljoscha@adfarm1.adition.com/ ]
C:\USERS\ALJOSCHA\Cookies\R7VF8S0A.txt [ Cookie:aljoscha@atdmt.com/ ]
C:\USERS\ALJOSCHA\Cookies\GCNAUJQQ.txt [ Cookie:aljoscha@clkads.com/adServe/banners/ ]
C:\USERS\ALJOSCHA\Cookies\TL0Q55OD.txt [ Cookie:aljoscha@clkads.com/adServe/banners ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@microsoftxbox.112.2o7[1].txt [ Cookie:aljoscha@microsoftxbox.112.2o7.net/ ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@apmebf[1].txt [ Cookie:aljoscha@apmebf.com/ ]
C:\USERS\ALJOSCHA\Cookies\1CPS6QJX.txt [ Cookie:aljoscha@bs.serving-sys.com/ ]
C:\USERS\ALJOSCHA\Cookies\O5DHE8U4.txt [ Cookie:aljoscha@mediaplex.com/ ]
C:\USERS\ALJOSCHA\Cookies\C7ZK501I.txt [ Cookie:aljoscha@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\ALJOSCHA\Cookies\SJA9BRA0.txt [ Cookie:aljoscha@dfg-store.trymedia.com/ ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@msnportal.112.2o7[1].txt [ Cookie:aljoscha@msnportal.112.2o7.net/ ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@adx.chip[1].txt [ Cookie:aljoscha@adx.chip.de/ ]
C:\USERS\ALJOSCHA\Cookies\HEUXPX7T.txt [ Cookie:aljoscha@track.adform.net/ ]
C:\USERS\ALJOSCHA\Cookies\HSY0LER6.txt [ Cookie:aljoscha@adfarm1.adition.com/ ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@smartadserver[2].txt [ Cookie:aljoscha@smartadserver.com/ ]
C:\USERS\ALJOSCHA\Cookies\aljoscha@imrworldwide[2].txt [ Cookie:aljoscha@imrworldwide.com/cgi-bin ]
C:\USERS\ALJOSCHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALJOSCHA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\ALJOSCHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALJOSCHA@ADS.AERO[1].TXT [ /ADS.AERO ]
C:\USERS\ALJOSCHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALJOSCHA@SERVING-SYS[1].TXT [ /SERVING-SYS ]
.adtech.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.naiadsystems.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.naiadsystems.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads.crakmedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.view.atdmt.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.f2network.112.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adserver.local.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.friendfinder.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adserver.devaki.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stats.zkb.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.dc2.adtech.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.chitika.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.4stats.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adecn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.aka-cdn-ns.adtech.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
like.fakeaccount.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.uphighmedia.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.uphighmedia.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ehg-ctseventimag.hitbox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hitbox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.libri.112.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
:: Crazy Sex Taxi :: [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
:: Crazy Sex Taxi :: [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.trvlnet.adbureau.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adv.acces-porno-gratuit.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads.zeusclicks.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adnetxchange.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.gemoneysch.112.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
webcount.feratel.at [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
tracker.pegsanalytics.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.vinvest.122.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.girls-fight.maxxx.to [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stats.take-back-the-net.org [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
tracking.hostgator.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
media.fordvehicles.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
media.fordvehicles.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media.fordvehicles.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.conrad.122.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.fuckbookdating.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen bumsen Pornos geile nackte Teenies Sex junge Schlampen Arsch ficken Videos [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexyvirgins.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adultmovieshow.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.e-shopdiscount.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ehg-researchinmotion.hitbox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ehg-researchinmotion.hitbox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ehg-swisscom.hitbox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.swisscom.122.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
de.like.fakeaccount.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
de.like.fakeaccount.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.xpornz.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.mofosex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.porn101.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.clubseventeen.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads.ventivmedia.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.vip.clickzs.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.vip.clickzs.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.youporn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads.youporn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad.youporn.videobox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.youporn.videobox.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.sexlist.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.lovefuckk.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Petite 18-19 year old teenies [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexmania.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexmania.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexmania.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexmania.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.teensexmania.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
youngpornmovies.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.youngpornmovies.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads.weownthetraffic.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Free YOUNG PORN VIDEOS - XXX Teen Porn, Young Sex Movies, & Teen Clips [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.junkieporn.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.emopornsluts.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
theemoporn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.theemoporn.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.realgfsexposed.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.secure.realgfsexposed.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.porngreat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Porno Top 100 Sextopliste - Pornotopliste [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
losporno.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
SEXGOESMOBILE.COM - MAKE PROFIT WITH MOBILE EROTIC SERVICES [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Kostenlose Pornofilme Täglich Neu und Unzensiert auf vagosex.com (gratis pornos sexo porno clips gratis ) [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.2009.untreueteens.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.elitepvpers.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adserver.mmoga.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.elitepvpers.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.rsswarez.org [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hot-porn-ddl.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.trafficrevenue.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
banner.testberichte.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stats.manor.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
stat.mybottle24.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ads5.wwe.biz [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.enter.pornhubpremium.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.enter.pornhubpremium.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornhubpremium.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.extrait-sexe.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.extrait-sexe.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.sexeautop.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.sexeautop.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.finder-x.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.finder-x.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Teen Jill - Teen Porn Tube - Porno Tube - Free Teen Tube [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornoxo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.pornoxo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
mynakedtube.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.sexnews.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.sexnews.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media.acces-charme.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media.acces-charme.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.monde-du-porno.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.monde-du-porno.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.matures-xxx.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.matures-xxx.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.beurette-sexe.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.beurette-sexe.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
freshsextv.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
freshsextv.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.freshsextv.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.freshsextv.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
adserver.hardsextube.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.facebookofsex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.facebookofsex.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hdporn.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.hdporn.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.originalpornmovies.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.originalpornmovies.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.moviepilot.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.moviepilot.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
Interdiscount.ch [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.himedia.individuad.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.efeducationfirst.112.2o7.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.d2.zedo.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\ALJOSCHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0OZBL8J0.DEFAULT\COOKIES.SQLITE ]

PotentiallyUnwanted.SoftonicDownloader
C:\USERS\ALJOSCHA\DESKTOP\DOWNLOAD.INTERNET\SOFTONICDOWNLOADER_FUER_RECUVA.EXE


4. Eset Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c48c78bbd5d76f409942bb6bd0357dd3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-01 07:55:16
# local_time=2011-12-01 08:55:16 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 448560 59291681 503451 0
# compatibility_mode=5893 16776573 100 94 4275 75160496 0 0
# compatibility_mode=8192 67108863 100 0 3931 3931 0 0
# scanned=236313
# found=16
# cleaned=0
# scan_time=14491
C:\$RECYCLE.BIN\S-1-5-21-3546249737-3821523701-249999015-1000\$R37CTPO.Internet\Tecktonik_Track a variant of Win32/Hoax.ArchSMS.MC application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWMJWI4I\calc[1].exe a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSSG9DV8\contacts[1].exe a variant of Win32/Kryptik.WIZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\52E4.tmp a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\8192.tmp a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\googleupdate.exe a variant of Win32/Kryptik.WBP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\pKKIZVI0oTb7qc.exe.tmp a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\POS399F.tmp a variant of Win32/Kryptik.WIV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\POS3CDB.tmp a variant of Win32/Kryptik.WKL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\Local\Temp\y2IovIcJWgkIJI.exe.tmp a variant of Win32/Kryptik.WIP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7be8bedd-49b0d913 a variant of Win32/Kryptik.WIZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6ee196e5-2c4f2baf multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\Desktop\Download.Internet\SoftonicDownloader_fuer_recuva.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\ALJOSCHA-PC\Backup Set 2011-06-12 190000\Backup Files 2011-06-12 190000\Backup files 7.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
E:\Backup Aljoscha PC-1\Backup 2011\Download.Internet\SoftonicDownloader_fuer_recuva.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\Download.Internet\Tecktonik_Track a variant of Win32/Hoax.ArchSMS.MC application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c48c78bbd5d76f409942bb6bd0357dd3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-26 05:05:24
# local_time=2011-12-26 06:05:24 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 587048 61447235 7749 0
# compatibility_mode=5893 16776573 100 94 111650 77316050 0 0
# compatibility_mode=8192 67108863 100 0 2159485 2159485 0 0
# scanned=200189
# found=2
# cleaned=0
# scan_time=8745
C:\$RECYCLE.BIN\S-1-5-21-3546249737-3821523701-249999015-1000\$RNUQ3IK.rar a variant of MSIL/Adware.SanctionedMedia.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Aljoscha\Desktop\Download.Internet\SoftonicDownloader_fuer_recuva.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I



P.S: Hätte ich die gefundenen Objekte via Malwarebytes löschen sollen?


Mit Besten Grüssen

Mig2900

cosinus 26.12.2011 19:26
Zitat:
P.S: Hätte ich die gefundenen Objekte via Malwarebytes löschen sollen?
Ja, die Funde von Malwarebytes sollten immer gelöscht werden...

mig2900 26.12.2011 20:10
Ok sind gelöscht. Wie muss ich weiterfahren?

mig2900 26.12.2011 20:57
Zitat:
Zitat von mig2900 (Beitrag 741727)
Ok sind gelöscht. Wie muss ich weiterfahren?
Ich wollte nurnoch kurz eine Bemerkung hinzufügen:

Also ich bin nicht pädophil oder sowas inder art falls du die Logs etwas genauer angeschaut hast -.- Sieht selbst für mich etwas komisch aus "Teen-sex" etc.. nur damit dus weisst :P

cosinus 26.12.2011 20:57
Log dazu posten...

mig2900 26.12.2011 21:00
ich hab jetzt doch schon alle Logs gepostet, 2 Kommentare weiter oben.. ich respektiere deine Arbeit wirklich hier und weiss das zu schätzen aber du kannst mir auch gerne genauere Angaben machen was du brauchst.

Danke

cosinus 26.12.2011 21:07
Zitat:
aber du kannst mir auch gerne genauere Angaben machen was du brauchst.
Was meinst du wohl worauf sich das bezieht?! :balla:
Natürlich ging es um das Log von Malwarebytes oder sprach ich von einem anderen Tool? => Kontext beachten

mig2900 27.12.2011 10:26
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 911122601

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.12.2011 10:21:09
mbam-log-2011-12-27 (10-21-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 368521
Laufzeit: 1 Stunde(n), 4 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Smad (Trojan.Agent) -> Value: Smad -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Aljoscha\Desktop\download.internet\softonicdownloader_fuer_recuva.exe (PUP.BundleOffer.Downloader.S) -> Not selected for removal.
c:\WINDOWS\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

cosinus 27.12.2011 16:49
Bitte nicht falsch verstehen, aber irgendwie hab ich den Eindruck es ist ein Volkssport geworden sich sämtlichen Kram von Softonic zu laden. Da ist immer irgendein Müll wie Toolbars oder der sinnlose Softonic Downloader drin. Warum lädst du die Software nicht von der Seite des Herstellers oder notfalls bei chip.de?

mig2900 27.12.2011 19:08
Bitte nicht falsch verstehen, aber was ist Softonic Downloader? ^^ ich weiss echt nicht was das für ein programm ist und wieso es überhaupt auf meinem rechner ist.

Ich lade via torrent oder filestube, rapidshare etc.. habe sowieso aufgehört seit ich den virus gehabt habe noch irgendwas ausser von musik von youtube zu laden..

cosinus 28.12.2011 03:23
Softonic ist eine in meinen Augen unseriöse Downloadplattform. Du bekommst da alles mögliche an Programmen zum Download, die aber bei Softonic mit irgendeinem Müll wie zB Toolbars bestückt sind.

Zitat:
Ich lade via torrent oder filestube, rapidshare etc..
Interessant, was lädst du denn da so? http://cheesebuerger.de/images/midi/froehlich/a048.gif

mig2900 28.12.2011 10:57
Wieso interessiert dich das eigentlich? Können wir nicht mit der Virenbekämpfung fortfahren? Schliesslich habe nicht ich den Virus programmiert...

p.s: falls es dich wirklich so interessiert: ich lade dort musik, pornos kann man auch im internet schauen... zufrieden?

cosinus 28.12.2011 17:02
Zitat:
Wieso interessiert dich das eigentlich? Können wir nicht mit der Virenbekämpfung fortfahren? Schliesslich habe nicht ich den Virus programmiert...
Weil viele dort für lauf ihre coolen gecrackten Programme und Spiele beziehen und sich dann wundern dass es auf vorbei ist mit einem funktionierenden Rechner... :pfeiff:

mig2900 28.12.2011 23:12
Ne ich bin nicht irgend ein nerd der spiele runterlädt, wenn ich n game will, gehe ich mir eins kaufen;-) ist die virenbekämpfung jetzt fertig?

cosinus 29.12.2011 00:01
Edit: Sofern du keine Probleme mehr hast,
Rechner wieder im Lot?

mig2900 29.12.2011 00:27
Ja der Rechner scheint sich prächtig erholt zu haben ;-)

Da hätte ich noch ne ganz kleine Frage nebenbei, falls zu etwas davon verstehst:

Seit ich den Laptop bekommen habe, funktioniert bei c.a jedem 50. Start das Mauspad nicht mehr, das heisst es zeigt keine Reaktion auf Berührungen etc, wenn ich ne Maus dranhänge gehts. Weisst du woran das liegen könnte?

Laptop: Dell, Inspiron 1545, jg. 2010

Ansonsten möchte ich mich wirklich ganz herzlich bedanken für deine grosszügige Hilfe und die Geduld, ich weiss deine und die Arbeit der anderen Autoren hier im Forum wirklich zu schätzen!

Danke!

Beste Grüsse und bereits jetzt ein schönes neues Jahr

cosinus 29.12.2011 00:42
Bei jedem 50. Start? :wtf: Sry das weiß ich nicht, ich würde mal nach einem neuen Treiber suchen. Ich bin eh ein Touchpad-Feind weil Touchpads imho indusktutabel unergomisch sind. Ich mag die nicht :nixda: und benutze immer eine USB-Maus auch am Notebook.

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131