Trojaner-Board


Ruppi 19.05.2012 08:22

Avira reports EXP/JAVA.Ternub.Gen - Yahoo account sends spam

Hello,
during a full scan, Avira AntiVir (version 10.2.0.707) reported the following detection:

Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen

I then moved it to quarantine.

Before that I had noticed that my Yahoo Mail account had been sending spam. I then changed my password. A short time later, however, spam was being sent from it again.

Now I have also run a full scan with Malwarebytes, which I updated beforehand: nothing found!

The computer seems to be behaving normally again.

Do I need to do anything else?

Thanks for any tip!


Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [Administrator]

19.05.2012 04:33:07
mbam-log-2012-05-19 (04-33-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419545
Laufzeit: 1 Stunde(n), 19 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


------

Attached is also the Avira scan in which the exploit was detected earlier:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 18. Mai 2012 23:15

Es wird nach 3716013 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MICHAEL-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 14.07.2011 09:44:50
AVSCAN.DLL : 10.0.5.0 57192 Bytes 14.07.2011 09:44:50
LUKE.DLL : 10.3.0.5 45416 Bytes 14.07.2011 09:44:54
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:48
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 14.07.2011 09:44:54
AVREG.DLL : 10.3.0.9 88833 Bytes 14.07.2011 09:44:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:46:59
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:55:18
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:51:43
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 11:46:14
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:09:22
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 19:32:01
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 19:32:01
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 19:32:01
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 19:32:01
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 19:32:01
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 19:32:01
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 19:32:01
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 19:32:01
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 19:32:01
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 14:43:17
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 21:15:30
VBASE016.VDF : 7.11.30.70 2048 Bytes 17.05.2012 21:15:30
VBASE017.VDF : 7.11.30.71 2048 Bytes 17.05.2012 21:15:30
VBASE018.VDF : 7.11.30.72 2048 Bytes 17.05.2012 21:15:30
VBASE019.VDF : 7.11.30.73 2048 Bytes 17.05.2012 21:15:30
VBASE020.VDF : 7.11.30.74 2048 Bytes 17.05.2012 21:15:30
VBASE021.VDF : 7.11.30.75 2048 Bytes 17.05.2012 21:15:30
VBASE022.VDF : 7.11.30.76 2048 Bytes 17.05.2012 21:15:30
VBASE023.VDF : 7.11.30.77 2048 Bytes 17.05.2012 21:15:30
VBASE024.VDF : 7.11.30.78 2048 Bytes 17.05.2012 21:15:30
VBASE025.VDF : 7.11.30.79 2048 Bytes 17.05.2012 21:15:30
VBASE026.VDF : 7.11.30.80 2048 Bytes 17.05.2012 21:15:30
VBASE027.VDF : 7.11.30.81 2048 Bytes 17.05.2012 21:15:30
VBASE028.VDF : 7.11.30.82 2048 Bytes 17.05.2012 21:15:30
VBASE029.VDF : 7.11.30.83 2048 Bytes 17.05.2012 21:15:30
VBASE030.VDF : 7.11.30.84 2048 Bytes 17.05.2012 21:15:30
VBASE031.VDF : 7.11.30.120 109056 Bytes 18.05.2012 21:15:30
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 27.10.2011 20:11:56
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 12.05.2012 19:32:04
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:46:45
AESBX.DLL : 8.2.5.5 606579 Bytes 13.03.2012 10:12:02
AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 09:29:52
AEPACK.DLL : 8.2.16.13 807287 Bytes 12.05.2012 19:32:04
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 28.04.2012 20:45:03
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 18.05.2012 21:15:31
AEHELP.DLL : 8.1.21.0 254326 Bytes 12.05.2012 19:32:03
AEGEN.DLL : 8.1.5.28 422260 Bytes 28.04.2012 20:45:02
AEEXP.DLL : 8.1.0.40 82292 Bytes 18.05.2012 21:15:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 25.11.2010 10:00:31
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 11:45:27
AEBB.DLL : 8.1.1.0 53618 Bytes 10.09.2010 18:48:35
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:12
AVPREF.DLL : 10.0.3.2 44904 Bytes 14.07.2011 09:44:50
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 08:05:30
AVARKT.DLL : 10.0.26.1 255336 Bytes 14.07.2011 09:44:48
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 14.07.2011 09:44:49
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:54
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:56
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 14.07.2011 09:44:44
RCTEXT.DLL : 10.0.64.0 98664 Bytes 14.07.2011 09:44:44

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 18. Mai 2012 23:15

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_2_202_235_ActiveX.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '190' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSCamS32.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '598' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[0] Archivtyp: ZIP
--> Sony.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49ff5ac4.qua' verschoben!


Ende des Suchlaufs: Samstag, 19. Mai 2012 03:43
Benötigte Zeit: 1:32:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26880 Verzeichnisse wurden überprüft
409967 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
409966 Dateien ohne Befall
4506 Archive wurden durchsucht
0 Warnungen
1 Hinweise
685650 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

For the sake of clarity I should perhaps add that the Avira report is from the time when the exploit was found.
It was then moved to quarantine.
After that I ran the Malwarebytes scan.

I hope that makes it easier to understand.

cosinus 21.05.2012 12:13

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, the logs for every scan are also listed under the Logs tab. Please post all of the ones that are visible there.

Ruppi 21.05.2012 15:26

First of all, thank you very much for your reply!
I'm happy to post the last scan with Malwarebytes, though unfortunately it was ages ago:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4404

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.08.2010 22:23:41
mbam-log-2010-08-07 (22-23-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 261187
Laufzeit: 44 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 21.05.2012 15:34

Did MBAM never find anything?

Ruppi 21.05.2012 16:58

No, nothing found with Malwarebytes, probably because Avira had already cleaned up beforehand.

cosinus 21.05.2012 18:37

Please run ESET as well, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Ruppi 21.05.2012 23:46

Hello,

all it said there was the following:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Beyond that, ESET was suspicious of the following 8 files:
Code:

C:\Program Files\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.dll        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.exe        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe        Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll        probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll        probably a variant of Win32/Toolbar.Widgi application
C:\Users\Michael\Setup_FreeVideoConverter.exe        Win32/Toolbar.Widgi application


cosinus 22.05.2012 12:39

It's just toolbar junk, not malware.

I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Ruppi 22.05.2012 12:55

Quote:

Quote from cosinus (post 831956)
It's just toolbar junk, not malware.

I have two questions before we continue:

1.) Does normal mode work without restrictions?

As far as I can tell with my modest abilities, yes.

Quote:

2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
Everything is there so far. The only empty folder is "Autostart".

cosinus 22.05.2012 13:21

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Ruppi 22.05.2012 16:15

Thank you very much!
Attached is the OTL file:

OTL Logfile:
Code:

OTL logfile created on: 22.05.2012 16:45:58 - Run 3
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Michael
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,43% Memory free
4,24 Gb Paging File | 3,15 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 125,07 Gb Free Space | 41,23% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ZSTATUS.EXE (Zenographics)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Michael\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 99 3E AB BD AD CC 01  [binary data]
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes,DefaultScope = {57DCD1D0-1FE6-451D-8C1C-2F5A2D0BBF30}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{16E302D2-038D-4FCF-A19E-0C049AA00C59}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\SearchScopes\{57DCD1D0-1FE6-451D-8C1C-2F5A2D0BBF30}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-proxy.t-online.de:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.18 03:03:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.18 03:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 04:20:42 | 000,000,000 | ---D | M]
 
[2009.06.11 12:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions
[2010.01.09 12:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.17 17:35:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 03:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.16 11:07:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 23:31:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.18 13:38:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.19 18:09:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 22:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.05.19 03:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2008.11.03 01:25:00 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2009.06.11 12:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.18 03:03:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.06.11 12:08:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.11 12:08:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.11 12:08:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.11 12:08:56 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.11 12:08:56 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.02 01:16:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([brokerage] https in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: luderworld.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: salsa-munich.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: vcn-online.de ([www] http in Trusted sites)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A21D5781-2D3B-4B48-8C3F-A4944A5F8470}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2906CF-BD49-4D04-ADB1-B42889BB7389}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-Mail - Verknüpfung.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet - Verknüpfung.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 16:42:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\OTL.exe
[2012.05.22 11:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.05.21 21:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.19 04:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.19 04:27:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.19 04:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.19 04:19:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.17 17:35:14 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.17 17:35:09 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.17 17:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.05.17 17:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.05.17 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.09 14:09:32 | 000,894,976 | ---- | C] (Tara Group, Inc.) -- C:\Users\Michael\cdsExplorer.exe
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 16:42:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\OTL.exe
[2012.05.22 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:08:03 | 000,176,582 | ---- | M] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf
[2012.05.22 11:06:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.19 04:27:07 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.19 04:20:42 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.17 23:07:22 | 000,000,099 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\default.pls
[2012.05.17 17:35:16 | 000,000,998 | ---- | M] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.17 17:35:15 | 000,001,061 | ---- | M] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk
[2012.05.11 11:58:31 | 000,270,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.11 10:40:01 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.11 10:40:01 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.11 10:40:01 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.11 10:40:01 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.09 14:09:32 | 000,894,976 | ---- | M] (Tara Group, Inc.) -- C:\Users\Michael\cdsExplorer.exe
[2012.04.23 18:06:01 | 000,002,032 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 11:08:03 | 000,176,582 | ---- | C] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf
[2012.05.19 04:27:07 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.19 04:20:11 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.05.19 04:20:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.17 17:35:16 | 000,000,998 | ---- | C] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.17 17:35:15 | 000,001,061 | ---- | C] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk
[2011.05.10 21:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.10 21:24:27 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.25 13:39:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.16 02:42:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.16 02:40:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.16 02:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.02 01:07:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.02 01:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.02 01:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.02 01:07:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.02 01:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
 
========== LOP Check ==========
 
[2010.10.15 23:55:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Canon
[2010.09.07 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Gast2\AppData\Roaming\Canon
[2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence
[2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv
[2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy
[2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
[2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft
[2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online
[2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard
[2012.05.22 01:10:31 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.27 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe
[2009.06.20 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ahead
[2010.04.18 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ArcSoft
[2011.05.10 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ATI
[2010.09.10 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Avira
[2009.06.29 17:48:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVS4YOU
[2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence
[2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010.01.12 13:00:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dvdcss
[2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv
[2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy
[2008.03.03 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hewlett-Packard
[2008.01.30 13:27:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities
[2008.03.02 02:34:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2010.05.20 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2008.06.23 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Player Classic
[2012.02.01 12:56:27 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2009.11.19 03:15:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mIRC
[2009.06.11 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
[2008.04.04 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nero
[2009.07.03 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NeroDigital™
[2011.01.18 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Real
[2009.10.03 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Skype
[2009.10.03 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\skypePM
[2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft
[2008.03.14 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony Corporation
[2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online
[2008.03.13 13:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Talkback
[2010.10.01 21:52:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vlc
[2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard
[2009.12.07 01:05:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.05.07 15:39:34 | 000,010,134 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe
[2010.05.20 02:45:40 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
[2011.01.18 02:59:52 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20101108.exe
[2009.12.07 02:02:37 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009.12.07 10:55:51 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
[2011.01.18 02:59:24 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.07.14 15:51:34 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.10.19 17:59:42 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.10.19 17:59:40 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.10.19 17:59:42 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.10.19 17:59:48 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.10.19 17:59:49 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 22.05.2012 18:57

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Ruppi 28.05.2012 20:10

Sorry, it took a while because I was tied up.
So here is the file now:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 758265226 bytes
->Temporary Internet Files folder emptied: 1154302971 bytes
->Java cache emptied: 14937830 bytes
->FireFox cache emptied: 24827121 bytes
->Flash cache emptied: 95084 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 194232 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 387229607 bytes
RecycleBin emptied: 3342084 bytes
 
Total Files Cleaned = 2.235,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Gast2
->Flash cache emptied: 0 bytes
 
User: Michael
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05282012_194950

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 29.05.2012 08:28

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Ruppi 30.05.2012 23:14

Here is the log:
Code:

00:08:50.0583 5992        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:08:50.0786 5992        ============================================================
00:08:50.0786 5992        Current date / time: 2012/05/31 00:08:50.0786
00:08:50.0786 5992        SystemInfo:
00:08:50.0786 5992       
00:08:50.0786 5992        OS Version: 6.0.6002 ServicePack: 2.0
00:08:50.0786 5992        Product type: Workstation
00:08:50.0786 5992        ComputerName: MICHAEL-PC
00:08:50.0786 5992        UserName: Michael
00:08:50.0786 5992        Windows directory: C:\Windows
00:08:50.0786 5992        System windows directory: C:\Windows
00:08:50.0786 5992        Processor architecture: Intel x86
00:08:50.0786 5992        Number of processors: 4
00:08:50.0786 5992        Page size: 0x1000
00:08:50.0786 5992        Boot type: Normal boot
00:08:50.0786 5992        ============================================================
00:08:51.0458 5992        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:08:51.0489 5992        Drive \Device\Harddisk9\DR9 - Size: 0xF2E80000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:08:51.0489 5992        ============================================================
00:08:51.0489 5992        \Device\Harddisk0\DR0:
00:08:51.0489 5992        MBR partitions:
00:08:51.0489 5992        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x25EB1800
00:08:51.0489 5992        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800
00:08:51.0489 5992        \Device\Harddisk9\DR9:
00:08:51.0489 5992        MBR partitions:
00:08:51.0489 5992        \Device\Harddisk9\DR9\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
00:08:51.0489 5992        ============================================================
00:08:51.0520 5992        C: <-> \Device\Harddisk0\DR0\Partition0
00:08:51.0567 5992        D: <-> \Device\Harddisk0\DR0\Partition1
00:08:51.0567 5992        ============================================================
00:08:51.0567 5992        Initialize success
00:08:51.0567 5992        ============================================================
00:09:55.0458 0400        ============================================================
00:09:55.0458 0400        Scan started
00:09:55.0458 0400        Mode: Manual; SigCheck; TDLFS;
00:09:55.0458 0400        ============================================================
00:09:59.0333 0400        Application Updater (293e66aa529f0fba1aa56340e293a389) C:\Program Files\Application Updater\ApplicationUpdater.exe
00:09:59.0364 0400        Application Updater ( UnsignedFile.Multi.Generic ) - warning
00:09:59.0364 0400        Application Updater - detected UnsignedFile.Multi.Generic (1)
00:10:03.0380 0400        EapHost - ok
00:10:03.0411 0400        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:10:03.0427 0400        Ecache - ok
00:10:03.0474 0400        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:10:03.0505 0400        ehRecvr - ok
00:10:03.0536 0400        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:10:03.0614 0400        ehSched - ok
00:10:03.0630 0400        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:10:03.0661 0400        ehstart - ok
00:10:03.0724 0400        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
00:10:03.0739 0400        ElbyCDFL - ok
00:10:03.0770 0400        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:10:03.0786 0400        ElbyCDIO - ok
00:10:03.0786 0400        ElbyDelay      (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
00:10:03.0802 0400        ElbyDelay - ok
00:10:03.0833 0400        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:10:03.0864 0400        elxstor - ok
00:10:03.0911 0400        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:10:04.0020 0400        EMDMgmt - ok
00:10:04.0052 0400        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:10:04.0083 0400        EventSystem - ok
00:10:04.0145 0400        ewusbnet        (4b36d96340200512c7974307d0f7d8b3) C:\Windows\system32\DRIVERS\ewusbnet.sys
00:10:04.0177 0400        ewusbnet - ok
00:10:04.0224 0400        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:10:04.0286 0400        exfat - ok
00:10:04.0317 0400        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:10:04.0364 0400        fastfat - ok
00:10:04.0411 0400        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:10:04.0458 0400        fdc - ok
00:10:04.0489 0400        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:10:04.0536 0400        fdPHost - ok
00:10:04.0567 0400        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:10:04.0599 0400        FDResPub - ok
00:10:04.0630 0400        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:10:04.0630 0400        FileInfo - ok
00:10:04.0630 0400        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:10:04.0677 0400        Filetrace - ok
00:10:04.0708 0400        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:10:04.0739 0400        flpydisk - ok
00:10:04.0770 0400        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:10:04.0786 0400        FltMgr - ok
00:10:04.0864 0400        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:10:04.0958 0400        FontCache - ok
00:10:05.0020 0400        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:10:05.0020 0400        FontCache3.0.0.0 - ok
00:10:05.0083 0400        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:10:05.0130 0400        Fs_Rec - ok
00:10:05.0177 0400        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:10:05.0177 0400        gagp30kx - ok
00:10:05.0224 0400        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:10:05.0302 0400        gpsvc - ok
00:10:05.0349 0400        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:10:05.0427 0400        HdAudAddService - ok
00:10:05.0489 0400        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:10:05.0520 0400        HDAudBus - ok
00:10:05.0567 0400        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:10:05.0614 0400        HidBth - ok
00:10:05.0630 0400        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:10:05.0677 0400        HidIr - ok
00:10:05.0692 0400        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
00:10:05.0724 0400        hidserv - ok
00:10:05.0739 0400        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:10:05.0770 0400        HidUsb - ok
00:10:05.0802 0400        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:10:05.0849 0400        hkmsvc - ok
00:10:05.0895 0400        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:10:05.0942 0400        HpCISSs - ok
00:10:06.0020 0400        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:10:06.0099 0400        HTTP - ok
00:10:06.0161 0400        hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
00:10:06.0192 0400        hwdatacard - ok
00:10:06.0255 0400        hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
00:10:06.0286 0400        hwusbdev - ok
00:10:06.0349 0400        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:10:06.0349 0400        i2omp - ok
00:10:06.0395 0400        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:10:06.0427 0400        i8042prt - ok
00:10:06.0474 0400        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
00:10:06.0505 0400        iaStor - ok
00:10:06.0536 0400        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:10:06.0552 0400        iaStorV - ok
00:10:06.0661 0400        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:10:06.0708 0400        idsvc - ok
00:10:06.0739 0400        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:10:06.0755 0400        iirsp - ok
00:10:06.0802 0400        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:10:06.0833 0400        IKEEXT - ok
00:10:06.0989 0400        IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
00:10:07.0145 0400        IntcAzAudAddService - ok
00:10:07.0286 0400        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:10:07.0302 0400        intelide - ok
00:10:07.0333 0400        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:10:07.0364 0400        intelppm - ok
00:10:07.0411 0400        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:10:07.0458 0400        IPBusEnum - ok
00:10:07.0474 0400        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:10:07.0505 0400        IpFilterDriver - ok
00:10:07.0536 0400        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
00:10:07.0599 0400        iphlpsvc - ok
00:10:07.0599 0400        IpInIp - ok
00:10:07.0630 0400        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:10:07.0661 0400        IPMIDRV - ok
00:10:07.0692 0400        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:10:07.0724 0400        IPNAT - ok
00:10:07.0755 0400        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:10:07.0770 0400        IRENUM - ok
00:10:07.0786 0400        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:10:07.0786 0400        isapnp - ok
00:10:07.0833 0400        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:10:07.0849 0400        iScsiPrt - ok
00:10:07.0864 0400        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:10:07.0864 0400        iteatapi - ok
00:10:07.0880 0400        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:10:07.0895 0400        iteraid - ok
00:10:07.0911 0400        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
00:10:07.0958 0400        JRAID - ok
00:10:07.0989 0400        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:10:08.0005 0400        kbdclass - ok
00:10:08.0020 0400        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:10:08.0052 0400        kbdhid - ok
00:10:08.0083 0400        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:08.0145 0400        KeyIso - ok
00:10:08.0177 0400        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:10:08.0208 0400        KSecDD - ok
00:10:08.0255 0400        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:10:08.0302 0400        KtmRm - ok
00:10:08.0349 0400        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
00:10:08.0411 0400        LanmanServer - ok
00:10:08.0474 0400        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:10:08.0520 0400        LanmanWorkstation - ok
00:10:08.0536 0400        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:10:08.0567 0400        lltdio - ok
00:10:08.0599 0400        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:10:08.0630 0400        lltdsvc - ok
00:10:08.0661 0400        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:10:08.0708 0400        lmhosts - ok
00:10:08.0755 0400        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:10:08.0770 0400        LSI_FC - ok
00:10:08.0786 0400        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:10:08.0786 0400        LSI_SAS - ok
00:10:08.0833 0400        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:10:08.0833 0400        LSI_SCSI - ok
00:10:08.0864 0400        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:10:08.0895 0400        luafv - ok
00:10:08.0958 0400        LVUSBSta        (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
00:10:08.0989 0400        LVUSBSta - ok
00:10:09.0020 0400        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:10:09.0036 0400        Mcx2Svc - ok
00:10:09.0067 0400        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:10:09.0099 0400        megasas - ok
00:10:09.0114 0400        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:10:09.0145 0400        MMCSS - ok
00:10:09.0145 0400        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:10:09.0192 0400        Modem - ok
00:10:09.0224 0400        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:10:09.0270 0400        monitor - ok
00:10:09.0302 0400        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:10:09.0317 0400        mouclass - ok
00:10:09.0317 0400        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:10:09.0349 0400        mouhid - ok
00:10:09.0364 0400        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:10:09.0380 0400        MountMgr - ok
00:10:09.0411 0400        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:10:09.0427 0400        mpio - ok
00:10:09.0442 0400        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:10:09.0458 0400        mpsdrv - ok
00:10:09.0505 0400        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
00:10:09.0552 0400        MpsSvc - ok
00:10:09.0567 0400        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:10:09.0583 0400        Mraid35x - ok
00:10:09.0614 0400        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:10:09.0645 0400        MRxDAV - ok
00:10:09.0677 0400        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:10:09.0724 0400        mrxsmb - ok
00:10:09.0755 0400        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:10:09.0786 0400        mrxsmb10 - ok
00:10:09.0786 0400        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:10:09.0802 0400        mrxsmb20 - ok
00:10:09.0817 0400        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
00:10:09.0833 0400        msahci - ok
00:10:09.0927 0400        MSCamSvc        (641199534871783dd74138fe0bcfdae7) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
00:10:09.0942 0400        MSCamSvc - ok
00:10:09.0958 0400        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:10:09.0974 0400        msdsm - ok
00:10:09.0989 0400        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:10:10.0020 0400        MSDTC - ok
00:10:10.0052 0400        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:10:10.0083 0400        Msfs - ok
00:10:10.0114 0400        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:10:10.0114 0400        msisadrv - ok
00:10:10.0145 0400        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:10:10.0192 0400        MSiSCSI - ok
00:10:10.0192 0400        msiserver - ok
00:10:10.0208 0400        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:10:10.0239 0400        MSKSSRV - ok
00:10:10.0255 0400        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:10:10.0302 0400        MSPCLOCK - ok
00:10:10.0317 0400        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:10:10.0333 0400        MSPQM - ok
00:10:10.0380 0400        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:10:10.0395 0400        MsRPC - ok
00:10:10.0427 0400        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:10:10.0427 0400        mssmbios - ok
00:10:10.0458 0400        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:10:10.0474 0400        MSTEE - ok
00:10:10.0489 0400        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:10:10.0505 0400        Mup - ok
00:10:10.0536 0400        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:10:10.0583 0400        napagent - ok
00:10:10.0614 0400        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:10:10.0645 0400        NativeWifiP - ok
00:10:10.0708 0400        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:10:10.0755 0400        NDIS - ok
00:10:10.0802 0400        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:10:10.0833 0400        NdisTapi - ok
00:10:10.0864 0400        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:10:10.0895 0400        Ndisuio - ok
00:10:10.0895 0400        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:10:10.0927 0400        NdisWan - ok
00:10:10.0942 0400        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:10:10.0989 0400        NDProxy - ok
00:10:11.0161 0400        Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
00:10:11.0208 0400        Nero BackItUp Scheduler 3 - ok
00:10:11.0270 0400        Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
00:10:11.0302 0400        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:10:11.0302 0400        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:10:11.0333 0400        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:10:11.0364 0400        NetBIOS - ok
00:10:11.0395 0400        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:10:11.0427 0400        netbt - ok
00:10:11.0489 0400        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:11.0505 0400        Netlogon - ok
00:10:11.0536 0400        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:10:11.0567 0400        Netman - ok
00:10:11.0614 0400        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:10:11.0692 0400        netprofm - ok
00:10:11.0770 0400        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:10:11.0786 0400        NetTcpPortSharing - ok
00:10:11.0817 0400        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:10:11.0817 0400        nfrd960 - ok
00:10:11.0849 0400        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:10:11.0895 0400        NlaSvc - ok
00:10:12.0020 0400        NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
00:10:12.0067 0400        NMIndexingService - ok
00:10:12.0099 0400        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:10:12.0130 0400        Npfs - ok
00:10:12.0177 0400        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:10:12.0208 0400        nsi - ok
00:10:12.0239 0400        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:10:12.0270 0400        nsiproxy - ok
00:10:12.0317 0400        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:10:12.0380 0400        Ntfs - ok
00:10:12.0427 0400        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:10:12.0474 0400        ntrigdigi - ok
00:10:12.0505 0400        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:10:12.0536 0400        Null - ok
00:10:12.0802 0400        nvlddmkm        (e633e4e0e6a65fea569dc2773f1c6d58) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:10:13.0130 0400        nvlddmkm - ok
00:10:13.0255 0400        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:10:13.0270 0400        nvraid - ok
00:10:13.0286 0400        nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
00:10:13.0302 0400        nvrd32 - ok
00:10:13.0317 0400        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:10:13.0317 0400        nvstor - ok
00:10:13.0333 0400        nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
00:10:13.0349 0400        nvstor32 - ok
00:10:13.0395 0400        nvsvc          (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
00:10:13.0411 0400        nvsvc - ok
00:10:13.0427 0400        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:10:13.0442 0400        nv_agp - ok
00:10:13.0442 0400        NwlnkFlt - ok
00:10:13.0442 0400        NwlnkFwd - ok
00:10:13.0583 0400        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:10:13.0614 0400        odserv - ok
00:10:13.0677 0400        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:10:13.0708 0400        ohci1394 - ok
00:10:13.0755 0400        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:10:13.0770 0400        ose - ok
00:10:13.0833 0400        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:13.0927 0400        p2pimsvc - ok
00:10:13.0927 0400        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:13.0942 0400        p2psvc - ok
00:10:13.0989 0400        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
00:10:14.0020 0400        Parport - ok
00:10:14.0052 0400        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:10:14.0067 0400        partmgr - ok
00:10:14.0099 0400        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
00:10:14.0145 0400        Parvdm - ok
00:10:14.0177 0400        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:10:14.0239 0400        PcaSvc - ok
00:10:14.0270 0400        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:10:14.0286 0400        pci - ok
00:10:14.0302 0400        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
00:10:14.0317 0400        pciide - ok
00:10:14.0333 0400        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:10:14.0349 0400        pcmcia - ok
00:10:14.0411 0400        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:10:14.0505 0400        PEAUTH - ok
00:10:14.0552 0400        PID_0928        (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS
00:10:14.0567 0400        PID_0928 - ok
00:10:14.0645 0400        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:10:14.0739 0400        pla - ok
00:10:14.0864 0400        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
00:10:14.0880 0400        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
00:10:14.0880 0400        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
00:10:14.0927 0400        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:10:14.0974 0400        PlugPlay - ok
00:10:15.0036 0400        Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
00:10:15.0036 0400        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:10:15.0036 0400        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:10:15.0083 0400        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:15.0114 0400        PNRPAutoReg - ok
00:10:15.0130 0400        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:10:15.0145 0400        PNRPsvc - ok
00:10:15.0208 0400        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:10:15.0286 0400        PolicyAgent - ok
00:10:15.0349 0400        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:10:15.0364 0400        PptpMiniport - ok
00:10:15.0395 0400        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:10:15.0442 0400        Processor - ok
00:10:15.0474 0400        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:10:15.0505 0400        ProfSvc - ok
00:10:15.0536 0400        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:10:15.0552 0400        ProtectedStorage - ok
00:10:15.0567 0400        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:10:15.0599 0400        PSched - ok
00:10:15.0661 0400        PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
00:10:15.0677 0400        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:10:15.0677 0400        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:10:15.0739 0400        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:10:15.0802 0400        ql2300 - ok
00:10:15.0849 0400        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:10:15.0864 0400        ql40xx - ok
00:10:15.0895 0400        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:10:15.0911 0400        QWAVE - ok
00:10:15.0927 0400        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:10:15.0927 0400        QWAVEdrv - ok
00:10:15.0942 0400        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:10:15.0989 0400        RasAcd - ok
00:10:16.0005 0400        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:10:16.0052 0400        RasAuto - ok
00:10:16.0067 0400        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:16.0114 0400        Rasl2tp - ok
00:10:16.0145 0400        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:10:16.0177 0400        RasMan - ok
00:10:16.0177 0400        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:16.0208 0400        RasPppoe - ok
00:10:16.0208 0400        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:10:16.0239 0400        RasSstp - ok
00:10:16.0270 0400        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:10:16.0302 0400        rdbss - ok
00:10:16.0302 0400        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:16.0333 0400        RDPCDD - ok
00:10:16.0380 0400        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:10:16.0427 0400        rdpdr - ok
00:10:16.0427 0400        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:10:16.0458 0400        RDPENCDD - ok
00:10:16.0505 0400        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
00:10:16.0567 0400        RDPWD - ok
00:10:16.0599 0400        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:10:16.0645 0400        RemoteAccess - ok
00:10:20.0567 0400        TestHandler    (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
00:10:20.0583 0400        TestHandler ( UnsignedFile.Multi.Generic ) - warning
00:10:20.0583 0400        TestHandler - detected UnsignedFile.Multi.Generic (1)
00:10:25.0614 0400        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:10:25.0864 0400        \Device\Harddisk0\DR0 - ok
00:10:25.0864 0400        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk9\DR9
00:10:26.0036 0400        \Device\Harddisk9\DR9 - ok
00:10:26.0036 0400        Boot (0x1200)  (cf5de9159ffb1cb8eb6b55b583856064) \Device\Harddisk0\DR0\Partition0
00:10:26.0036 0400        \Device\Harddisk0\DR0\Partition0 - ok
00:10:26.0067 0400        Boot (0x1200)  (3753966672eaaec89d81e786665cec99) \Device\Harddisk0\DR0\Partition1
00:10:26.0067 0400        \Device\Harddisk0\DR0\Partition1 - ok
00:10:26.0067 0400        Boot (0x1200)  (33740cb783757988312b885debdb75eb) \Device\Harddisk9\DR9\Partition0
00:10:26.0067 0400        \Device\Harddisk9\DR9\Partition0 - ok
00:10:26.0083 0400        ============================================================
00:10:26.0083 0400        Scan finished
00:10:26.0083 0400        ============================================================
00:10:26.0083 4604        Detected object count: 6
00:10:26.0083 4604        Actual detected object count: 6
00:11:03.0036 4604        Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604        TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604        TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 30.05.2012 23:18

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

Ruppi 31.05.2012 00:31

The log is attached.
I don't really understand this, but is the program "SUPERsetup.exe" really dangerous? Because it is listed under "Weitere Löschungen" (other deletions). It is a freeware program I use often for transcoding videos.

Combofix Logfile:
Code:

ComboFix 12-05-30.04 - Michael 31.05.2012  0:24.2.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2047.1070 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\searchsettings@spigot.com
c:\users\Michael\cdsExplorer.exe
c:\users\Michael\Desktop\Setup.exe
c:\users\Michael\msgr10de.exe
c:\users\Michael\OTL.exe
c:\users\Michael\SUPERsetup.exe
c:\users\Michael\vlc-1.0.1-win32.exe
c:\windows\IsUn0407.exe
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 22:30 . 2012-05-30 22:30        --------        d-----w-        c:\users\Public\AppData\Local\temp
2012-05-30 22:30 . 2012-05-30 22:30        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-05-30 22:30 . 2012-05-30 22:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-30 14:07 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{589E5323-701D-4297-A50B-A09B04E5BEC6}\mpengine.dll
2012-05-28 17:37 . 2012-05-28 17:37        --------        d-----w-        C:\_OTL
2012-05-22 09:10 . 2012-05-22 09:10        --------        d-----w-        c:\programdata\WindowsSearch
2012-05-21 19:43 . 2012-05-21 19:43        --------        d-----w-        c:\program files\ESET
2012-05-19 02:27 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-19 01:58 . 2012-05-19 01:57        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-05-17 15:35 . 2012-03-22 11:43        2557952        ----a-w-        c:\windows\system32\QtCore4.dll
2012-05-17 15:35 . 2012-04-18 11:49        405176        ----a-w-        c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-17 15:35 . 2012-05-17 15:35        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2012-05-17 15:35 . 2012-03-06 13:43        772248        ----a-w-        c:\windows\system32\msvcr100.dll
2012-05-17 15:35 . 2012-05-17 15:35        --------        d-----w-        c:\program files\DVDVideoSoft
2012-05-17 15:35 . 2012-03-06 13:43        80024        ----a-w-        c:\windows\system32\mfcm100u.dll
2012-05-17 15:35 . 2012-03-06 13:43        4421272        ----a-w-        c:\windows\system32\mfc100u.dll
2012-05-17 15:35 . 2012-03-06 13:43        419480        ----a-w-        c:\windows\system32\msvcp100.dll
2012-05-17 15:35 . 2012-03-06 13:43        136344        ----a-w-        c:\windows\system32\atl100.dll
2012-05-17 15:33 . 2012-05-17 15:35        --------        d-----w-        c:\users\Michael\AppData\Roaming\DVDVideoSoft
2012-05-14 15:20 . 2012-05-14 16:13        --------        d-----w-        c:\users\Gast2\AppData\Local\Adobe
2012-05-10 08:54 . 2012-04-03 08:16        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 08:54 . 2012-04-03 08:16        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 08:54 . 2012-04-02 13:36        2044928        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 01:57 . 2010-08-16 09:07        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-05 19:51 . 2012-04-10 19:04        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-05 19:51 . 2011-05-19 08:05        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 09:06        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-Mail - Verknüpfung.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
backup=c:\windows\pss\E-Mail - Verknüpfung.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet - Verknüpfung.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet - Verknüpfung.lnk
backup=c:\windows\pss\Internet - Verknüpfung.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20        689488        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20        57344        ----a-w-        c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06        1840424        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 16:39        4702208        ----a-w-        c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-07 23:36        974848        ----a-w-        c:\program files\pdfforge Toolbar\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 11:22        1826816        ----a-w-        c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-18 01:02        274608        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46        709992        ----a-w-        c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 38902551
*Deregistered* - 38902551
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.n-tv.de/
uInternet Settings,ProxyServer = www-proxy.t-online.de:80
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: comdirect.de
Trusted Zone: comdirect.de\brokerage
Trusted Zone: salsa-munich.de\www
TCP: DhcpNameServer = 192.168.2.1
DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\uhvu7q81.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ArcSoft PhotoStudio 2000 - c:\windows\IsUn0407.exe
AddRemove-AVIConverter - c:\program files\AVIConverter\uninst.exe
AddRemove-HTTS 2.10 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-31 00:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
 [0] 0x00600060
 [0] 0x00700040
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-31  00:33:16
ComboFix-quarantined-files.txt  2012-05-30 22:32
ComboFix2.txt  2010-08-01 23:19
.
Vor Suchlauf: 28 Verzeichnis(se), 133.806.813.184 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 133.769.707.520 Bytes frei
.
- - End Of File - - A07A188615B4227F8A6B298ED761C272

--- --- ---

cosinus 31.05.2012 08:33

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to work the second time as well, just skip it and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Ruppi 01.06.2012 11:03

Before I carry out the further steps, I have a question.
Since Combofix ran, I have had a problem: I can no longer save anything with Windows Notepad. The following error message now always appears:

http://s1.directupload.net/images/120601/eooyog6j.jpg

cosinus 01.06.2012 14:12

I don't know right now what is causing that. Can you save something with Notepad somewhere else, or does the message always appear? With other programs too?
Maybe I'll see the error in the other logs, i.e. from GMER, OSAM and aswMBR

Ruppi 01.06.2012 16:10

Thanks for your answer, but I haven't run GMER, OSAM and aswMBR at all yet.
The problem has occurred since the fix with Combofix.
It doesn't matter where I try to save something with Notepad.
I also get the message when I try to open something with Notepad.
What could be done about that?

First the GMER log:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-02 01:29:09
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500630AS rev.3.AAD
Running: zwqwwuo7.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uxtiifow.sys


---- System - GMER 1.0.15 ----

SSDT            8BC63B26                                                                                            ZwCreateSection
SSDT            8BC63B2B                                                                                            ZwSetContextThread
SSDT            8BC63AC7                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!KeInsertQueue + 405                                                                    82884A3C 4 Bytes  [26, 3B, C6, 8B]
.text          ntoskrnl.exe!KeInsertQueue + 75D                                                                    82884D94 4 Bytes  [2B, 3B, C6, 8B]
.text          ntoskrnl.exe!KeInsertQueue + 811                                                                    82884E48 4 Bytes  [C7, 3A, C6, 8B]
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                            section is writeable [0x8D40F000, 0x2FBAB4, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Users\Gast2\AppData\Local\Mozilla Firefox\firefox.exe[4708] ntdll.dll!LdrLoadDll                  77229378 5 Bytes  JMP 5F42C930 C:\Users\Gast2\AppData\Local\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Users\Gast2\AppData\Local\Mozilla Firefox\firefox.exe[4708] kernel32.dll!MapViewOfFile            766A6B10 5 Bytes  JMP 5F65E083 C:\Users\Gast2\AppData\Local\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Users\Gast2\AppData\Local\Mozilla Firefox\firefox.exe[4708] kernel32.dll!VirtualAlloc            766AAF75 5 Bytes  JMP 5F65E0AA C:\Users\Gast2\AppData\Local\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Users\Gast2\AppData\Local\Mozilla Firefox\firefox.exe[4708] GDI32.dll!CreateDIBSection            76747461 5 Bytes  JMP 5F65E00D C:\Users\Gast2\AppData\Local\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73EE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73F2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73EEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73EDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73EE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73EDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73F173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73EEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73EDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73EDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73ED71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73F6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73F0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73EDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73ED6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73ED687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73EE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73EE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73F2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73EEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73EDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73EE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73EDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73F173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73EEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73EDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73EDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73ED71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73F6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73F0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73EDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73ED6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73ED687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73EE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

By the way, the problem with Notepad has resolved itself. I had a USB card reader attached, and that was the cause. Sorry for the confusion!

Here is the OSAM log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:25:10 on 02.06.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Michael\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{D3F9A525-8824-497A-BE36-B23E22F141FC} "ACShell Class" - "Romain Petges" - C:\Program Files\Attribute Changer\acshell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{0F7A9297-7268-11D1-B81A-00A076C01B0A} "{0F7A9297-7268-11D1-B81A-00A076C01B0A}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here is the aswMBR log as well:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 14:29:14
-----------------------------
14:29:14.878    OS Version: Windows 6.0.6002 Service Pack 2
14:29:14.878    Number of processors: 4 586 0xF0B
14:29:14.878    ComputerName: MICHAEL-PC  UserName: Michael
14:29:51.160    Initialize success
14:30:49.524    AVAST engine defs: 12060200
14:31:04.743    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:31:04.758    Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
14:31:04.758    Disk 0 MBR read successfully
14:31:04.774    Disk 0 MBR scan
14:31:04.774    Disk 0 Windows VISTA default MBR code
14:31:04.774    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
14:31:04.789    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      310627 MB offset 24578048
14:31:04.821    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      154311 MB offset 660742144
14:31:04.821    Disk 0 scanning sectors +976771072
14:31:04.899    Disk 0 scanning C:\Windows\system32\drivers
14:31:13.289    Service scanning
14:31:30.274    Modules scanning
14:31:35.368    Disk 0 trace - called modules:
14:31:35.383    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:31:35.383    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8599a6b0]
14:31:35.383    3 CLASSPNP.SYS[8336c8b3] -> nt!IofCallDriver -> [0x856c2918]
14:31:35.383    5 acpi.sys[8324a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x856c0030]
14:31:36.102    AVAST engine scan C:\Windows
14:31:39.477    AVAST engine scan C:\Windows\system32
14:34:12.946    AVAST engine scan C:\Windows\system32\drivers
14:34:24.164    AVAST engine scan C:\Users\Michael
14:57:16.664    AVAST engine scan C:\ProgramData
14:58:46.289    Scan finished successfully
15:02:19.274    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
15:02:19.321    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"


cosinus 02.06.2012 15:54

Quote:

I also get the message when I try to open something with Notepad.
What could be done about that?
I already wrote that I don't know that offhand! Besides, you didn't answer my question about whether this also happens with other programs.

Ruppi 02.06.2012 19:30

Thanks for your reply!
I had understood you to be asking whether this also happens when saving to other directories ("somewhere else").

But that has resolved itself anyway, because a USB card reader was connected that was apparently interfering. After unplugging it, the Notepad problem went away.

How do the GMER, OSAM and aswMBR logs look? Is everything all right there?

Thanks for a reply!
Best regards,
Ruppi

cosinus 02.06.2012 20:57

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Ruppi 02.06.2012 23:48

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [Administrator]

02.06.2012 22:23:26
mbam-log-2012-06-02 (22-23-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394848
Laufzeit: 55 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware Log:

ANM24I.ZIP is a false alarm, though, because it is a harmless image-editing tool.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/03/2012 at 01:48 AM

Application Version : 5.0.1150

Core Rules Database Version : 8675
Trace Rules Database Version: 6487

Scan type      : Complete Scan
Total Scan Time : 00:52:00

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 930
Memory threats detected  : 0
Registry items scanned    : 37202
Registry threats detected : 0
File items scanned        : 45739
File threats detected    : 507

Adware.Tracking Cookie
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\78GNA1EL.txt [ Cookie:michael@stats.viessmann.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDL249XF.txt [ Cookie:michael@adviva.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@stats.lexisnexis[1].txt [ Cookie:michael@stats.lexisnexis.de/piwik/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@secmedia[1].txt [ Cookie:michael@secmedia.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\H0BJ1IUM.txt [ Cookie:michael@adcentriconline.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@yieldmanager[1].txt [ Cookie:michael@yieldmanager.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@mediathek.daserste[1].txt [ Cookie:michael@mediathek.daserste.de/daserste/servlet/content/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@verticaltechmedia[1].txt [ Cookie:michael@verticaltechmedia.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@stats.freak-search[1].txt [ Cookie:michael@stats.freak-search.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SU6XEDOP.txt [ Cookie:michael@urbia.wwe-media.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@stats.iwu[1].txt [ Cookie:michael@stats.iwu.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@estat[1].txt [ Cookie:michael@estat.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@smileycentral[1].txt [ Cookie:michael@smileycentral.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K3QELNCT.txt [ Cookie:michael@livestat.derstandard.at/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DSK1AJ85.txt [ Cookie:michael@ads1.jurawelt.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@traffic.rankdesign[1].txt [ Cookie:michael@traffic.rankdesign.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSSR3VJA.txt [ Cookie:michael@ads.crakmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@stat.aldi[1].txt [ Cookie:michael@stat.aldi.com/dcsfq2jxwixy5f1mioa8p9lnl_5x1d ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@mycounter.tinycounter[1].txt [ Cookie:michael@mycounter.tinycounter.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@CAJYW28H.txt [ Cookie:michael@de.sitestat.com/karstadt-de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@azjmp[1].txt [ Cookie:michael@azjmp.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adsrv1.admediate[1].txt [ Cookie:michael@adsrv1.admediate.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8JH71QR.txt [ Cookie:michael@vogelservices.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@s3.trafficmaxx[1].txt [ Cookie:michael@s3.trafficmaxx.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3ZX1BMN.txt [ Cookie:michael@eas4.emediate.eu/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@partner.finanzexperten-finden[2].txt [ Cookie:michael@partner.finanzexperten-finden.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.layermedia-adserver[1].txt [ Cookie:michael@www.layermedia-adserver.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.tracking-service[1].txt [ Cookie:michael@www.tracking-service.net/analytics/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8TTTYRRC.txt [ Cookie:michael@partypoker.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@conrad.122.2o7[1].txt [ Cookie:michael@conrad.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@xm.xtendmedia[2].txt [ Cookie:michael@xm.xtendmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ads2.medianord[2].txt [ Cookie:michael@ads2.medianord.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@c.trafficed[1].txt [ Cookie:michael@c.trafficed.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OYLARLYW.txt [ Cookie:michael@kantarmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@webstatistik.odav[1].txt [ Cookie:michael@webstatistik.odav.de/track/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DNQ3GV4.txt [ Cookie:michael@goldsammler.eu/counter/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3RADD45.txt [ Cookie:michael@de.partypoker.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@stat.aldi[2].txt [ Cookie:michael@stat.aldi.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.dgap[1].txt [ Cookie:michael@www.dgap.de/dgap/doaction/stats/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.ad-track[2].txt [ Cookie:michael@www.ad-track.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\P3DKR8YX.txt [ Cookie:michael@nextag.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ads2.vrm[2].txt [ Cookie:michael@ads2.vrm.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.trafficrank[1].txt [ Cookie:michael@www.trafficrank.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO91PZ6J.txt [ Cookie:michael@stats.paypal.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5JM8JWN.txt [ Cookie:michael@euros4click.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@rgadvert[2].txt [ Cookie:michael@rgadvert.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@e-2dj6wnmyonc5wgo.stats.esomniture[2].txt [ Cookie:michael@e-2dj6wnmyonc5wgo.stats.esomniture.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RVDUZ5B5.txt [ Cookie:michael@ads2.tipps24-netzwerk.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ads.youporn[1].txt [ Cookie:michael@ads.youporn.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@e-2dj6wjkoapcpcco.stats.esomniture[2].txt [ Cookie:michael@e-2dj6wjkoapcpcco.stats.esomniture.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@count.asnetworks[1].txt [ Cookie:michael@count.asnetworks.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@mediabrandsww[1].txt [ Cookie:michael@mediabrandsww.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@indianapublicmedia[2].txt [ Cookie:michael@indianapublicmedia.org/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@tracking.tchibo[1].txt [ Cookie:michael@tracking.tchibo.de/683553670525906/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XJXDZ0A1.txt [ Cookie:michael@girlsteachsex.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\A243SHYM.txt [ Cookie:michael@tracking.klicktel.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@youporn.videobox[1].txt [ Cookie:michael@youporn.videobox.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@hitbox[1].txt [ Cookie:michael@hitbox.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@naked[2].txt [ Cookie:michael@naked.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@sevenoneintermedia.112.2o7[1].txt [ Cookie:michael@sevenoneintermedia.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@revenue[2].txt [ Cookie:michael@revenue.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V62LX7I9.txt [ Cookie:michael@www.burstnet.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OLS951D.txt [ Cookie:michael@generaltracking.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.adservspot[2].txt [ Cookie:michael@www.adservspot.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@sexkiste[2].txt [ Cookie:michael@sexkiste.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ADGCGJO8.txt [ Cookie:michael@rts.pgmediaserve.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9YDYL7H6.txt [ Cookie:michael@adultfriendfinder.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GHCPYEE.txt [ Cookie:michael@youporn.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@traveladvertising[2].txt [ Cookie:michael@traveladvertising.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5A267169.txt [ Cookie:michael@adbrite.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@cheaptickets.122.2o7[1].txt [ Cookie:michael@cheaptickets.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ehg-standardandpoors.hitbox[2].txt [ Cookie:michael@ehg-standardandpoors.hitbox.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adserver.sevenload[2].txt [ Cookie:michael@adserver.sevenload.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UBB3Y7S4.txt [ Cookie:michael@int.sitestat.com/panasonic/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TZ22A5WX.txt [ Cookie:michael@www.sexsearchcom.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OW4S773C.txt [ Cookie:michael@usenext.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YM3LC1OR.txt [ Cookie:michael@amazon-adsystem.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@baudiscount-verblender[2].txt [ Cookie:michael@baudiscount-verblender.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OG40J9AV.txt [ Cookie:michael@www.traffictrack.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@surveymonkey.122.2o7[1].txt [ Cookie:michael@surveymonkey.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adservercentral[1].txt [ Cookie:michael@adservercentral.info/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NV5IBLLZ.txt [ Cookie:michael@lfstmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\31O6IQWE.txt [ Cookie:michael@insightexpressai.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0VYOI4PW.txt [ Cookie:michael@www.youporn.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\KFXJT5Y2.txt [ Cookie:michael@ad.adition.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETUQ5LFS.txt [ Cookie:michael@adserver2.clipkit.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\INP24TKX.txt [ Cookie:michael@ero-advertising.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:michael@microsoftinternetexplorer.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RV8CAGSX.txt [ Cookie:michael@exoclick.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7GIGD1FA.txt [ Cookie:michael@ctsde15.wiredminds.de/track/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\D262WSJU.txt [ Cookie:michael@web-stat.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.counter.radunet[1].txt [ Cookie:michael@www.counter.radunet.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@baurechtsexperte[2].txt [ Cookie:michael@baurechtsexperte.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@lokalportal24de.112.2o7[1].txt [ Cookie:michael@lokalportal24de.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@habitat.solution.weborama[2].txt [ Cookie:michael@habitat.solution.weborama.fr/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\B37AS599.txt [ Cookie:michael@radio.media-control.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0WNOA8BV.txt [ Cookie:michael@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\A4JLFIS3.txt [ Cookie:michael@www.google.de/accounts ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MN2R51O.txt [ Cookie:michael@www.counterstatistik.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\P0VYC4O0.txt [ Cookie:michael@counter.sexsuche.tv/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DY79K0DY.txt [ Cookie:michael@partneradserver.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5533BWL.txt [ Cookie:michael@nextag.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\IH3ERG9R.txt [ Cookie:michael@media-control.de/customer/47/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MEQC6VN0.txt [ Cookie:michael@stat.ed.cupidplc.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V1S9ZRKC.txt [ Cookie:michael@maximumpornpass.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J9GIYI9U.txt [ Cookie:michael@briefkasten-discount.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\VUS10NRQ.txt [ Cookie:michael@e-2dj6aekysodpoap.stats.esomniture.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\6SJNURC9.txt [ Cookie:michael@c.atdmt.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\O6A8YWV6.txt [ Cookie:michael@server.adformdsp.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.adservercentral[1].txt [ Cookie:michael@www.adservercentral.info/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adserver.adtechus[1].txt [ Cookie:michael@adserver.adtechus.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CT24CS17.txt [ Cookie:michael@lande.solution.weborama.fr/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HI8D0LE.txt [ Cookie:michael@gsadserver.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\D0Z6QL98.txt [ Cookie:michael@realmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@CAJS2KSS.txt [ Cookie:michael@de.sitestat.com/ndr/ts/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JC8QK7EZ.txt [ Cookie:michael@siemens.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\S865M0NW.txt [ Cookie:michael@studivz.adfarm1.adition.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V2TBBN3F.txt [ Cookie:michael@wt.sexsearchcom.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQC52VYG.txt [ Cookie:michael@adserver.trojaner-info.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WZXAMHJK.txt [ Cookie:michael@teufel-media.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PKIJ873J.txt [ Cookie:michael@ads3.vasmg.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FR4U8TH.txt [ Cookie:michael@at.atwola.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\D9L1Z6O3.txt [ Cookie:michael@b.dclick.ru/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AVR6LJMD.txt [ Cookie:michael@mm.chitika.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\IJNZIO51.txt [ Cookie:michael@server.adform.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0UOAAZEO.txt [ Cookie:michael@trinitymirror.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1N9FW4X4.txt [ Cookie:michael@histats.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ML4R2PQ7.txt [ Cookie:michael@zieltrack.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XMM35RPA.txt [ Cookie:michael@www.piloh.de/stats/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\06M2YWUJ.txt [ Cookie:michael@adsonar.com/adserving ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7N60XTW.txt [ Cookie:michael@kaspersky.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JTN2ZNTV.txt [ Cookie:michael@liveperson.net/hc/17621448 ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZU0IF5IB.txt [ Cookie:michael@lucidmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FD8WLKC.txt [ Cookie:michael@accounts.youtube.com/accounts ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DFJKVFBI.txt [ Cookie:michael@legolas-media.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\T2R2MKZ3.txt [ Cookie:michael@sales.liveperson.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FS5PT477.txt [ Cookie:michael@click-licht.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DXZX5LSV.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1066198896/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8WT8M4E.txt [ Cookie:michael@kontera.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NL932Y51.txt [ Cookie:michael@tto2.traffictrack.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9TZB5NGS.txt [ Cookie:michael@hightraffic.hugoboss.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVDVGQCK.txt [ Cookie:michael@livesexwebshows.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\57LRYFTH.txt [ Cookie:michael@int.sitestat.com/panasonic/de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGI34VSI.txt [ Cookie:michael@stat.inforotor.ru/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NXC3OTS.txt [ Cookie:michael@server.cpmstar.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AYS21CLU.txt [ Cookie:michael@ad6media.fr/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4L7KCV2Q.txt [ Cookie:michael@fondsdiscount.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQDM1OUN.txt [ Cookie:michael@mediaforge.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\88L22L1B.txt [ Cookie:michael@banners.trannydates.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKMU3GIJ.txt [ Cookie:michael@prepaid-discounter.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ECXLFRZ.txt [ Cookie:michael@www.hirntumor.de/cgi-bin/hirntumor/forum/counter/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\15AM21NC.txt [ Cookie:michael@aim4media.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7G86UCKE.txt [ Cookie:michael@clicksor.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9WEDW6W4.txt [ Cookie:michael@adfarm1.adition.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YP6X4TG3.txt [ Cookie:michael@myroitracking.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q9RYOARI.txt [ Cookie:michael@liveperson.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\I6Y6GQFW.txt [ Cookie:michael@tradedoubler.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3TYN08TS.txt [ Cookie:michael@accounts.google.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NNHNIJN1.txt [ Cookie:michael@adxpansion.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OTZ7843.txt [ Cookie:michael@sexsearchcom.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QIXB8297.txt [ Cookie:michael@adformdsp.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYDVG9WR.txt [ Cookie:michael@rambler.ru/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GA70HCL8.txt [ Cookie:michael@overture.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WEOD33V1.txt [ Cookie:michael@adserver.kino-zeit.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YVWXIZ2.txt [ Cookie:michael@tracking.hostgator.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GM42Z46K.txt [ Cookie:michael@de.sitestat.com/ndr/ndr/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TP0U3V6C.txt [ Cookie:michael@ad.zanox.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EXLNT5NS.txt [ Cookie:michael@adserver.adreactor.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5961IXF7.txt [ Cookie:michael@count.spring.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3HPQ8S2N.txt [ Cookie:michael@support.google.com/accounts/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9PTXM0E3.txt [ Cookie:michael@komtrack.com/tr ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HS3NKZ6K.txt [ Cookie:michael@hearstmagazines.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQ8ZH57Y.txt [ Cookie:michael@quartermedia.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DZEF6L2V.txt [ Cookie:michael@zanox.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\22FPO3M5.txt [ Cookie:michael@de.sitestat.com/tuev-sued/tuev-sued/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YA56J1TG.txt [ Cookie:michael@beamer-discount.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\50F2XD1Z.txt [ Cookie:michael@im.banner.t-online.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DOUN98VP.txt [ Cookie:michael@ads1.vtxnet.ch/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWPPWEQ3.txt [ Cookie:michael@komtrack.com/tr/101230 ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7TX8TIX8.txt [ Cookie:michael@247realmedia.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Z2TQK7G.txt [ Cookie:michael@e2.emediate.se/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YPKTG2Q.txt [ Cookie:michael@c1.atdmt.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPNFQV52.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1067847409/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HS2DQWUG.txt [ Cookie:michael@traffictrack.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FOIEFCAL.txt [ Cookie:michael@komtrack.com/tr/400030 ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5KYXFT1C.txt [ Cookie:michael@www.tracktec.de/tracking ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8PY23US.txt [ Cookie:michael@tacoda.at.atwola.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WODOO426.txt [ Cookie:michael@auslieferung.commindo-media-ressourcen.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KJNPY20.txt [ Cookie:michael@counter2.sexmoney.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBHDGRDI.txt [ Cookie:michael@thebestporn.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\H24ATT5H.txt [ Cookie:michael@doubleclick.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V8AQIVZA.txt [ Cookie:michael@beiersdorf.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2A8EARG4.txt [ Cookie:michael@tradefx.advertserve.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9DLBOQL4.txt [ Cookie:michael@swrmediathek.de/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPN8MJEN.txt [ Cookie:michael@partners.webmasterplan.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1N2SI5Y8.txt [ Cookie:michael@ar.atwola.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GXU3JNYX.txt [ Cookie:michael@olympiaverlag.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJPTTUAU.txt [ Cookie:michael@avgtechnologies.112.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8BQ82O3N.txt [ Cookie:michael@ipcmedia.122.2o7.net/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HEPJELDF.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1016929641/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WUVV9ZGV.txt [ Cookie:michael@kanoodle.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QFEQYK33.txt [ Cookie:michael@e-2dj6wjlooodjsko.stats.esomniture.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\D1A7XOC0.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1066732035/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\G076CV0I.txt [ Cookie:michael@openx.examedia.ch/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\F24C7BZL.txt [ Cookie:michael@stat.www.fi/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RS15PLV4.txt [ Cookie:michael@www.maximumpornpass.com/ ]
        C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FAOIGWXJ.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1070366514/ ]
        C:\USERS\MICHAEL\Cookies\QSKJ068A.txt [ Cookie:michael@mediaplex.com/ ]
        C:\USERS\MICHAEL\Cookies\WSVST6R9.txt [ Cookie:michael@yieldmanager.net/ ]
        C:\USERS\MICHAEL\Cookies\C6VR41S9.txt [ Cookie:michael@liveperson.net/hc/57472748 ]
        C:\USERS\MICHAEL\Cookies\KZRKGDFA.txt [ Cookie:michael@invitemedia.com/ ]
        C:\USERS\MICHAEL\Cookies\michael@webmasterplan[3].txt [ Cookie:michael@webmasterplan.com/ ]
        C:\USERS\MICHAEL\Cookies\63P3IA15.txt [ Cookie:michael@eas.apm.emediate.eu/ ]
        C:\USERS\MICHAEL\Cookies\michael@youporn[1].txt [ Cookie:michael@youporn.com/ ]
        C:\USERS\MICHAEL\Cookies\michael@adsrv.admediate[2].txt [ Cookie:michael@adsrv.admediate.net/ ]
        C:\USERS\MICHAEL\Cookies\KJMHOZX7.txt [ Cookie:michael@fastclick.net/ ]
        C:\USERS\MICHAEL\Cookies\E624IK0F.txt [ Cookie:michael@ad.zanox.com/ ]

Trojan.Agent/CDesc[Generic]
        ZIP ARCHIVE( C:\USERS\MICHAEL\DOCUMENTS\PROGRAMME ALTER RECHNER\ANM24I.ZIP )/ANTWAIN.DLL
        C:\USERS\MICHAEL\DOCUMENTS\PROGRAMME ALTER RECHNER\ANM24I.ZIP


cosinus 03.06.2012 13:18

Quote:

Trojan.Agent/CDesc[Generic]
ZIP ARCHIVE( C:\USERS\MICHAEL\DOCUMENTS\PROGRAMME ALTER RECHNER\ANM24I.ZIP )/ANTWAIN.DLL
C:\USERS\MICHAEL\DOCUMENTS\PROGRAMME ALTER RECHNER\ANM24I.ZIP
Those should be false positives.
Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other detections or problems?
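
How the hosts-file blocking recommended in the post above behaves, as an added example that is not part of the thread: it parses hosts-file syntax and reports which hostnames are sunk to a loopback or unspecified address. The sample file is constructed (it is not the content of the MVPS list), the hostnames are taken from cookie entries in the scan log on this page, and the function names are illustrative.

```python
import ipaddress

# Constructed sample in hosts-file syntax (not the content of the MVPS list).
# Hostnames are taken from cookie entries in the scan log on this page.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
0.0.0.0       doubleclick.net          # trailing comment
0.0.0.0       ad.zanox.com zanox.com   # several names on one line
127.0.0.1     Content.YieldManager.com
0.0.0.0       serving-sys.com
192.168.1.10  nas.example              # real mapping, not a block entry
not-an-ip     broken.example           # malformed line, skipped
"""

def parse_blocked_hosts(text):
    """Return the hostnames that the file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        if not (addr.is_loopback or addr.is_unspecified):
            continue                          # ordinary name-to-address mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def is_blocked(hostname, blocked):
    """Hosts files match whole names only: no wildcards, no subdomains."""
    return hostname.lower().rstrip(".") in blocked

def coverage(hostnames, blocked):
    """Map each hostname to True if the hosts file would sink it."""
    return {h: is_blocked(h, blocked) for h in hostnames}

BLOCKED = parse_blocked_hosts(SAMPLE_HOSTS)
REPORT = coverage(["doubleclick.net", "CONTENT.YIELDMANAGER.COM",
                   "bs.serving-sys.com", "zanox.com", "nas.example"], BLOCKED)

if __name__ == "__main__":
    for host, sunk in REPORT.items():
        print(f"{host:28} {'blocked' if sunk else 'NOT blocked'}")
```

`bs.serving-sys.com` stays reachable although `serving-sys.com` is listed, because a hosts file has no wildcard matching and needs one entry per hostname.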

Ruppi 03.06.2012 13:41

Thank you very much!
I'm really thrilled that you exist and that you help so well, so competently and free of charge on top of that!
Thanks again!

As for the computer, everything seems to be OK; at least I can't observe anything unusual anymore.

--> Should I uninstall everything again now?

The only thing that bugs me is that I already surf super carefully, never visit any dubious sites, and would never open an email attachment that seems odd to me in any way.
The system is also up to date, all updates are switched on, and I always keep Flash, Java, the virus scanner and Adobe up to date.

What more can I do? Maybe you have a tip for me - thanks!

cosinus 03.06.2012 14:03

It's best to stick roughly to these rules:
  1. Be suspicious on the Internet and especially with unknown emails; be careful about giving out personal data!!
  2. Always keep Windows and all programs you use up to date - Secunia PSI can support you with this
  3. Regularly make backups to external media
  4. Work with restricted rights
  5. Use safer programs such as Opera or Firefox for surfing instead of IE, and Thunderbird instead of Outlook Express for mail - have emails displayed as plain text only
  6. Completely disable autoplay for all drives, because it is an unnecessary security risk
  7. When installing software, make sure as far as possible that the setups come from official sources and that, where possible, you choose the custom installation method - then you have the option of deselecting any junk (such as toolbars or something like RegistryBooster) that would otherwise simply be installed along with it.
  8. Have malicious or unwanted sites blocked from the outset with the help of the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  9. Hands off: TuneUp, registry cleaners of all kinds, Softonic, as well as illegal cracks/keygens or other "tools" for using a commercial program without a licence
  10. Likewise stay away from dubious sites and movie streaming portals: firstly, you quickly pick up malware there or can fall into subscription traps, and secondly these sites operate in a legal grey area.


Everything is explained in more detail here => Kompromittierung unvermeidbar?



Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages. With the help of OTL you can also remove many tools:

Please start OTL and click on "Bereinigung" (cleanup).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also check on this occasion that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.
