Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Verschlüsselungs Trojaner infiziert! (https://www.trojaner-board.de/116199-windows-verschluesselungs-trojaner-infiziert.html)

Hannes7 01.06.2012 16:47
Windows Verschlüsselungs Trojaner infiziert!
 
Guten Tag,
Ich bitte um Hilfe bei diesem Trojaner, da ich mich selbst nicht sehr gut damit auskenne.
Habe diesen auf meinen Win7 PC über eine E-Mail von "flirt-fever" bekommen, der Absender war "johann.calchera@ritz.edu". Bin dummerweise darauf reingefallen. War nur sehr empört darüber, dass ich 497€ zahlen sollte obwohl ich gar nicht da angemeldet war.

Zu meinem Problem:
Ich habe jetzt eine Systemwiederherstellung gemacht, sodass ich überhaupt wieder auf meinem Rechner zugreifen konnte.
Danach wollte ich wie beschrieben Malwarebytes Anti-Malware runterladen, wobei ich bemerkte, dass nun auch Firefox bei mir nicht mehr ging.
Habe mir anschließen Internet Explorer heruntergeladen, der nun auch ging, und nun das Malware Programm mit folgendem Ergebnis heruntergeladen und ausgeführt:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

01.06.2012 16:25:14
mbam-log-2012-06-01 (16-25-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224203
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Hannes\AppData\Local\Temp\jnqojnqtdx.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\AppData\Local\Temp\zsrlnbhinb.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




Daraufhin habe ich nun defogger ausgeführt, bei dem ich aber keine Fehlermeldung erhielt, aber zur Sicherheit auch hier die Log:




defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:55 on 01/06/2012 (Hannes)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-




Als nächstes habe ich OTL drüber laufen lassen. Zuerst die OTL.txt und dann die Extra.txt:



OTL logfile created on: 01.06.2012 17:12:04 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Hannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,23% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,19 Gb Total Space | 44,74 Gb Free Space | 40,24% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 70,65 Gb Free Space | 30,34% Space Free | Partition Type: NTFS
Drive E: | 110,95 Gb Total Space | 44,29 Gb Free Space | 39,92% Space Free | Partition Type: NTFS

Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
PRC - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Handy rooten\Kies\KiesTrayAgent.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.09 12:53:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.10.28 05:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.02.28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.14 17:23:54 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.14 16:14:23 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 16:14:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.13 20:39:59 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll
MOD - [2012.05.13 20:39:44 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll
MOD - [2012.05.13 20:39:43 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll
MOD - [2012.05.13 20:39:34 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll
MOD - [2012.05.13 20:39:32 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll
MOD - [2012.05.13 20:39:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 20:39:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.13 20:39:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.13 20:39:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.13 20:39:20 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.13 20:39:14 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.05.13 20:38:53 | 000,115,137 | ---- | M] () -- C:\Users\Hannes\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.09 13:58:15 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.08.02 11:46:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.02 11:46:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 14:17:38 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.02.11 22:16:58 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.08.28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:36:04 | 000,696,832 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fus2base.sys -- (FUS2BASE)
DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 15:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008.03.13 15:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007.08.13 21:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2006.11.18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.04.07 10:39:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=327FE2A8-7931-4E66-8DD5-CB1A16956775
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FA53FEE2-5D7D-49B1-81B7-CF139F383622&apn_sauid=E552C527-A743-49E4-BD1E-8686E67D5147&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.01 15:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.09 13:30:18 | 000,000,000 | ---D | M]

[2010.03.19 16:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.05.19 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions
[2012.04.18 18:45:39 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.04.04 20:16:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.29 11:03:08 | 000,000,933 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\11-suche.xml
[2011.12.29 11:03:08 | 000,002,419 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\englische-ergebnisse.xml
[2011.12.29 11:03:08 | 000,010,525 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\gmx-suche.xml
[2011.12.29 11:03:08 | 000,002,457 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\lastminute.xml
[2012.04.18 18:45:32 | 000,003,915 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\sweetim.xml
[2011.12.29 11:03:08 | 000,005,508 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\webde-suche.xml
[2012.03.29 17:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 17:51:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.09 13:30:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.29 17:51:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 17:51:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.29 17:51:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.29 17:51:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.29 17:51:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.29 17:51:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Handy rooten\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [F:\SPECTRUM_3.0_setup.exe] F:\SPECTRUM_3.0_setup.exe File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] D:\Handy rooten\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] D:\Spiele\steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B16190-951C-4789-BCFA-A6E94A8311E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.01 17:10:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.06.01 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.06.01 16:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.01 16:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 16:22:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.01 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 14:24:30 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2012.05.19 14:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.19 14:22:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.19 14:22:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.14 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.14 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 20:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2012.05.12 22:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.12 21:36:47 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.05.12 21:36:47 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.05.12 14:25:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.06.01 17:05:32 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 17:05:32 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 16:59:51 | 000,001,525 | ---- | M] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk
[2012.06.01 16:58:17 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.06.01 16:57:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 16:57:36 | 1609,043,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.01 16:55:31 | 000,000,188 | ---- | M] () -- C:\Users\Hannes\defogger_reenable
[2012.06.01 16:54:46 | 000,050,477 | ---- | M] () -- C:\Users\Hannes\Desktop\Defogger.exe
[2012.06.01 16:22:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.01 16:00:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.01 16:00:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.01 15:58:20 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 15:58:20 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 15:58:20 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 15:58:20 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 15:58:20 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.30 14:14:55 | 000,124,899 | ---- | M] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg
[2012.05.23 11:28:38 | 000,002,042 | -H-- | M] () -- C:\Users\Hannes\Documents\Default.rdp
[2012.05.14 13:16:01 | 000,211,945 | ---- | M] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf
[2012.05.14 13:15:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.05.13 21:17:32 | 000,481,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.06.01 16:59:51 | 000,001,525 | ---- | C] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk
[2012.06.01 16:55:30 | 000,000,188 | ---- | C] () -- C:\Users\Hannes\defogger_reenable
[2012.06.01 16:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Hannes\Desktop\Defogger.exe
[2012.06.01 16:22:30 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.01 16:11:50 | 000,001,409 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.01 16:11:47 | 000,001,443 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.01 16:00:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.01 16:00:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.05.30 14:14:46 | 000,124,899 | ---- | C] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg
[2012.05.14 13:15:52 | 000,211,945 | ---- | C] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.04 15:32:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.02.11 17:42:01 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.11 17:41:58 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011.02.11 17:41:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.05 11:34:31 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI

========== LOP Check ==========

[2010.10.22 19:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.#
[2011.01.15 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\algomahe.de
[2010.05.06 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon
[2010.11.23 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Lite
[2010.11.22 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Pro
[2009.11.11 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dev-Cpp
[2012.06.01 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dropbox
[2012.04.04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft
[2012.04.04 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.10 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FRITZ!
[2009.11.24 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQ
[2010.11.10 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\McLoad
[2012.02.11 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MCS Electronics
[2012.02.09 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Origin
[2010.11.23 00:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2012.04.19 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Samsung
[2012.05.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Temp
[2012.05.19 14:24:30 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2009.12.14 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ubi.com
[2012.04.12 19:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:30A9E86A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7B212553

< End of report >










OTL Extras logfile created on: 01.06.2012 17:12:04 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Hannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,23% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,19 Gb Total Space | 44,74 Gb Free Space | 40,24% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 70,65 Gb Free Space | 30,34% Space Free | Partition Type: NTFS
Drive E: | 110,95 Gb Total Space | 44,29 Gb Free Space | 39,92% Space Free | Partition Type: NTFS

Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "E:\Photobuch\EDEKA Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [EDEKA Fotowelt] -- "E:\Photobuch\EDEKA Fotowelt\EDEKA Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "E:\Photobuch\EDEKA Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [EDEKA Fotowelt] -- "E:\Photobuch\EDEKA Fotowelt\EDEKA Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092957BA-38A2-455B-BE44-F347A2A978AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{133C38C2-E93F-4088-AAD7-B9837517C011}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1AEE2CF4-D606-429F-9F59-0BDB26A95878}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2629A2AD-977A-4467-8052-A59112231FA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2CEDA3F7-7C2E-4A5D-A575-9BC140862872}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D07D852-E8DD-4C41-9255-0794737CE398}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2EE986BF-BBA5-4468-9770-F1D34166B02B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3FD07F14-905E-415F-BC7F-5161128992D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D3FF37B-B384-4F64-ACF0-6AC5B418C43C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D621769-D303-4073-A4E1-21211AF51194}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B6FB1B0-6ECF-47B5-BC29-BC40CE97A206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B8E3190-2126-43DC-A671-AB65B2155C7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5D5817C0-1160-440A-8901-0148294BA85B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6014ADC4-5F83-4484-88DD-3B5A326220F1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{70BB1314-6C7E-444F-9AE6-8456210CC300}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C015A54-D6CD-4D40-AA00-0D746229DE03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87565EC1-429A-4183-A657-C70673BFD8AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96C09DC7-6B15-4A64-9C17-3D4AB6131EBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B407BBB0-8C44-4F26-9EF0-81E07B743B40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B74015BE-6280-46A4-925B-8D1F85198A00}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C112AAAB-C961-43D5-AC50-122ED423A11C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD365FC2-8FE2-4A8B-8505-126C99C4CF86}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CDB5940F-C9A3-4E0B-AA40-671D273843DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D266AAA4-4E5A-4D45-AD35-316597A51E90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6D45455-2C4B-4176-8DCA-E1DC8A74C2CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F01A72C2-F3A1-4519-BC11-91B9A5EB670C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0840FD14-0A8D-43CE-9A41-303141127E70}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{0977D08B-44B9-4208-8825-12E2916CC22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B1F952E-49C0-4A67-ADC6-CC87DC7DE4E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DE23B4E-3060-42C0-BCC0-04018D4D4674}" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"{0E5FA11C-7753-48C2-B076-089E5EDFDD9D}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\umi.exe |
"{11566E2A-DD3C-4495-9578-57061DC091C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{12FE553F-7D11-472F-8E7D-0F0E4CC5FB5F}" = protocol=17 | dir=in | app=d:\spiele\battlefield3\battlefield 3\bf3.exe |
"{18D7285C-0092-450C-949F-3CD5D8B6AD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1912F5F3-67A7-4AFE-9CC8-4508635E0441}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BFB3E61-9698-46FF-B5AF-65766BF398DC}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{2D1E0762-18B5-4982-8D23-F9B6AAE85C2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35B28ABC-951A-4D27-B4A4-2BBB6DDEEF00}" = protocol=6 | dir=out | app=system |
"{3785F6E6-F551-411D-97D0-A359869B812D}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe |
"{3B86A21E-DC03-4C6C-9B91-15FD001D6DA9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{46E789A1-1B63-4D5E-98C9-E6803CD5E59F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{4998AE01-06D1-4726-8A11-1FB0041126D4}" = protocol=17 | dir=in | app=d:\spiele\cod_blackops\steam.exe |
"{591015CF-0996-4A02-8754-831C2287F651}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\studio.exe |
"{5C7ABE8D-5513-4D34-BCA8-19A729016F78}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{60307D34-E831-4965-A485-7BFD0F02C32A}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe |
"{615D80B6-C141-4D47-B1A7-6134E3FC38CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{66C26189-20B7-4CDC-9CCB-59B54C013FF6}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\rm.exe |
"{6D4CE6F3-527C-4C3F-8832-5221F08D9A5C}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\studio.exe |
"{7169EDB7-9B51-4D2B-80DA-A54EC66CDE1E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{74D1B1F9-AFBB-4D86-BC36-BFC00BA028ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7ADC6E84-F6CC-4E23-9644-5ECD7FD175EA}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\umi.exe |
"{86FC94E6-1BB9-48BF-9796-8E51508C7606}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8E2ECD64-906F-4029-BC0C-EA7E3365A677}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8F6CD606-BF7D-4E20-B08A-15A16C6531CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95D04D60-F2C9-4741-8133-0B67228C710A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A095AAFB-03D9-482D-B620-A8CD6E42C093}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A0DFF1C0-12D4-403B-907D-81C9304744FD}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A9ADC48C-CEC3-42BB-AD42-B99D7FF532D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFBF4A48-4115-43C6-A256-E8264BDF795B}" = protocol=6 | dir=in | app=d:\spiele\battlefield3\battlefield 3\bf3.exe |
"{B2E157C0-1BD5-4563-8202-D611D4A4087A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B370FD9D-9527-461C-B29A-5225F22E487C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B382F3BA-C120-4438-A3B9-50827E03F633}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\rm.exe |
"{BBF4C220-0455-47BF-A524-14A41FEBAF39}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BC43687B-73E7-4EAB-B4A8-C5F3859B6B06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4DC1E8B-83CC-43C8-8E36-590E2287E2FD}" = protocol=6 | dir=in | app=d:\spiele\cod_blackops\steam.exe |
"{CBD64028-8AA7-4510-B053-308D4D4C896F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{CC4BB565-E920-4664-BE2A-43193CBB98F6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{CEDA5165-4B17-4C1B-AFBC-B91FE7C74627}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D29454E1-1904-4B26-82B0-803935B41DDF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D393D0E8-24BB-466F-86F8-4CDB4139A54D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D58E0BE8-401F-4226-A225-1D24C0D6E8B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E07E620C-2C95-44B1-A767-5CEC3E1BE8AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E9436C6D-539A-42AA-84C5-9EDA5BB8BCB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9B61360-DB40-4D25-9AA1-0D73E6A63ECE}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{EB92B50C-9F89-446D-8495-71710029437E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1F5B7A7-965D-4442-90E9-1575F0B2909B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6D304C-A2CF-4BDF-9C35-82CDD2C55B2E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FF8D3F9C-98B0-41BD-AF71-13961239FC13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{45751A1A-4197-43AB-A14B-84B855FCA637}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"TCP Query User{C172435E-86A9-4A00-A40D-B154079DE087}E:\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=e:\atube catcher 2.0\yct.exe |
"TCP Query User{D71D410C-EF74-4A13-B9A8-74A19CDD55B2}G:\batz michael\spiele\call of duty\codmp.exe" = protocol=6 | dir=in | app=g:\batz michael\spiele\call of duty\codmp.exe |
"UDP Query User{86ABE9D4-62D5-4B8B-8E2A-EE7A87A9BA59}G:\batz michael\spiele\call of duty\codmp.exe" = protocol=17 | dir=in | app=g:\batz michael\spiele\call of duty\codmp.exe |
"UDP Query User{C1DFA0ED-4A2D-4280-954A-C7B6A41EFB4A}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"UDP Query User{E25314FD-8297-414E-8C0E-7C1394D81D45}E:\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=e:\atube catcher 2.0\yct.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100-Serie
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{11A8473A-B793-4739-A3EC-78AC82DC03E5}" = .NET Api v3.30 for CodeMeter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8FD73B28-7CB0-4009-9D7E-83E6A3AC695F}" = WatchPcLink
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CursorFX" = CursorFX
"Deutschlands Brettspiele Deluxe" = Deutschlands Brettspiele Deluxe 1.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EDEKA Fotowelt" = EDEKA Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MatlabR2007a" = MATLAB Student R2007a
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MProg 3.0a" = MProg 3.0a
"Origin" = Origin
"PriceGong" = PriceGong 2.6.4
"PSpice Student" = PSpice Student 9.1
"PunkBusterSvc" = PunkBuster Services
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TUGZip_is1" = TUGZip 3.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.02.2011 15:13:03 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 01.03.2011 13:29:41 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 01.03.2011 14:06:00 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 04.03.2011 16:57:43 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227
Description =

Error - 04.03.2011 16:58:37 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227
Description =

Error - 04.03.2011 16:59:31 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227
Description =

Error - 04.03.2011 17:03:57 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227
Description =

Error - 04.03.2011 17:07:10 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227
Description =

Error - 05.03.2011 05:03:36 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 05.03.2011 06:04:44 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ Media Center Events ]
Error - 07.03.2012 11:36:45 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 16:36:45 - Fehler beim Herstellen der Internetverbindung. 16:36:45
- Serververbindung konnte nicht hergestellt werden..

Error - 07.03.2012 12:36:51 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 17:36:50 - Fehler beim Herstellen der Internetverbindung. 17:36:50
- Serververbindung konnte nicht hergestellt werden..

Error - 07.03.2012 13:36:55 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 18:36:55 - Fehler beim Herstellen der Internetverbindung. 18:36:55
- Serververbindung konnte nicht hergestellt werden..

Error - 23.03.2012 04:07:19 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 09:07:18 - Fehler beim Herstellen der Internetverbindung. 09:07:19
- Serververbindung konnte nicht hergestellt werden..

Error - 27.03.2012 11:46:14 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 17:46:13 - Fehler beim Herstellen der Internetverbindung. 17:46:13
- Serververbindung konnte nicht hergestellt werden..

Error - 27.03.2012 12:46:26 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 18:46:25 - Fehler beim Herstellen der Internetverbindung. 18:46:26
- Serververbindung konnte nicht hergestellt werden..

Error - 28.03.2012 13:46:59 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 19:46:58 - Fehler beim Herstellen der Internetverbindung. 19:46:58
- Serververbindung konnte nicht hergestellt werden..

Error - 02.04.2012 16:11:42 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 22:11:41 - Fehler beim Herstellen der Internetverbindung. 22:11:42
- Serververbindung konnte nicht hergestellt werden..

Error - 08.04.2012 07:00:44 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 13:00:43 - Fehler beim Herstellen der Internetverbindung. 13:00:43
- Serververbindung konnte nicht hergestellt werden..

Error - 19.05.2012 05:28:31 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0
Description = 11:28:30 - Fehler beim Herstellen der Internetverbindung. 11:28:30
- Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 17.04.2012 09:17:55 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4142
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 23.04.2012 09:16:24 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7082
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 23.04.2012 09:16:48 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hardlock" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 01.06.2012 10:57:55 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 01.06.2012 10:57:55 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hardlock" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275


< End of report >





Würde mich freuen wenn mir jemand helfen könnte, wie ich weiter verfahren sollte!
Im voraus schon ein rießen Dankeschön!!!

Beste Grüße

Hannes

cosinus 03.06.2012 14:38
Erstmal das hier vorweg als Hinweis:
Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer :glaskugel: es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html

--

Bitte jetzt routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Hannes7 03.06.2012 18:04
Ok Malware habe ich nun aktualisiert und komplett drüberlaufen lassen. Hier das log:


Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

03.06.2012 16:19:09
mbam-log-2012-06-03 (16-19-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 567996
Laufzeit: 1 Stunde(n), 42 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 03.06.2012 18:25
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hannes7 03.06.2012 19:37
ja den vorherigen log steht oben bei den ersten angaben von mir. vorher habe ich noch keinen gemacht... hier nochmal der obige:


[code]

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

01.06.2012 16:25:14
mbam-log-2012-06-01 (16-25-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224203
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Hannes\AppData\Local\Temp\jnqojnqtdx.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\AppData\Local\Temp\zsrlnbhinb.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


[/code)


Eset müsste auch jeden moment fertig sein, dann stell ich dies auch nochmal rein...


Gruß

Hier nochmal da es oben nicht richtig geklappt hat...


Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

01.06.2012 16:25:14
mbam-log-2012-06-01 (16-25-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224203
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Hannes\AppData\Local\Temp\jnqojnqtdx.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\AppData\Local\Temp\zsrlnbhinb.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 03.06.2012 20:59
Was ist mit ESET?

Hannes7 03.06.2012 21:04
Ist gerade endlich fertig geworden...
Zeigte sieben Funde an, aber im log war nur das:


Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ach ja..
fünf davon war etwas mit virus dabei gestanden..

cosinus 03.06.2012 21:52
ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Hannes7 03.06.2012 22:01
Ok ja shit...
lass ich gleich nochmal drüber, wird aber wieder ca. zweieinhalb std. dauern.
werde das ergebnis gleich morgen früh posten..

Danke und Gruß

So nun hier das eset log, wobei auch die sieben funde endlich aufgezeigt werden ;-)


Code:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4f1f2ddad6dcd468f9251f83ad79d7d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 11:36:56
# local_time=2012-06-04 01:36:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 199409 113650382 192125 0
# compatibility_mode=5893 16776574 100 94 37950449 90387268 0 0
# compatibility_mode=8192 67108863 100 0 14135 14135 0 0
# scanned=358225
# found=7
# cleaned=0
# scan_time=9218
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\3\C8\0BDE0d01        HTML/ScrInject.B.Gen Virus (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\4\93\37EA2d01        HTML/ScrInject.B.Gen Virus (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\4\B5\D0BAEd01        HTML/ScrInject.B.Gen Virus (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\5\55\C8A3Cd01        HTML/ScrInject.B.Gen Virus (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\9\09\53D14d01        HTML/ScrInject.B.Gen Virus (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Hannes\AppData\Local\Temp\aTube_Catcher_Installer_297.exe        Win32/Adware.ADON Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
D:\Handy rooten\superoneclick\Exploits\psneuter        Android/Exploit.Lotoor.AK Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I

cosinus 04.06.2012 10:28
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hannes7 04.06.2012 11:16
Habe mal alle durchgeklickt im Starmenü. Der Ordner Stardock ist leer, kann aber da nicht sagen, ob da vorher was drin war, da ich den nicht kenne.
Gerade ist mir auch aufgefallen, dass nachdem ich meinen Virenscanner von Avira AntiVir wieder eingeschaltet habe, dieser nicht mehr rechts unten in dem Fenster bei der Uhr angezeigt wird. Wenn ich ihn im Startmenü öffne steht zwar dieser sei aktiviert, aber wenn ich unten bei der Uhr auf anpassen gehe steht da der "Antivirus System Tray Tool" und wenn ich da drauf gehe steht bei "Guard" inaktiv.
Desweiteren funktioniert mein Firefox überhaupt nicht mehr. Das einzige was da immer kommt wenn ich drauf klicke ist der "Mozilla Absturz-Melder", wo ich den Problembericht an Mozilla schicken kann.

Sonst ist mir bis jetzt nichts aufgefallen.
Schaue nachher nochmal durch und falls mir noch was auffällt dann poste ich es sofort.

Gruß

habe mir den IE wieder runtergeladen und gehe im Mom darüber wieder rein...

Ach ja und mein USB-Drucker der über meinen Router angebunden ist funktioniert nicht mehr, könnte aber auch mit der Systemwiederherstellung zu tun haben, die ich durchgeführt habe. Werde dies gleich mal checken.

Ok Drucker geht wieder. Den habe ich wohl erst nach dem Systemwiederherstellungspunkt installiert, da dieser erst ziemlich neu über mein Netzwerk läuft.

Folgende Ordner sind leer:

"C:/Programme/ATI Technologies"
Aber "C:/Programme/ATI" ist eine Config Datei vorhanden.

"C:/Programme(x86)/Mozilla Firefox" die Ordner "chrome", "greprefs" und "modules"

"C:/Windows/DigitalLocker" die Ordner "de-DE" und "en-US"

"C:/Windows/Logs/HomeGroup"

"C:/Windows/security" die Ordner "audit" und "templates"

"C:/Windows/System" ist auch leer aber "System32" steht was drin

"C:/Windows/tracing"



Auf folgende Ordner kann ich nicht zugreifen:


"C:/Windows/CSC/v2.0.6"

"C:/Windows/PLA" auf die Ordner "Reports", "Rules" und "Templates"


Tiefer bin ich in die Dateistruktur nicht gegangen und sonst ist mir bis jetzt nichts weiter aufgefallen.

Mein Avira AntiVir / Luke Filewalker hat bei einem Scan auch angeschlagen mit dem Text: "Es wurde ein Virus oder unerwünschtes Programm gefunden!"

Darunter sind vier Objekte aufgeführt.
Weiß aber nicht wo ich davon das log finde.

cosinus 04.06.2012 16:05
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Hannes7 04.06.2012 18:05
OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 04.06.2012 18:26:41 - Run 2
OTL by OldTimer - Version 3.2.45.0    Folder = C:\Users\Hannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,40% Memory free
4,00 Gb Paging File | 2,44 Gb Available in Paging File | 61,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,19 Gb Total Space | 45,53 Gb Free Space | 40,95% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 70,59 Gb Free Space | 30,31% Space Free | Partition Type: NTFS
Drive E: | 110,95 Gb Total Space | 42,54 Gb Free Space | 38,34% Space Free | Partition Type: NTFS
 
Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 22:01:25 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.06.02 18:55:56 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.07 00:40:15 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Spiele\steam\Steam.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.02.28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.02 18:55:55 | 020,313,384 | ---- | M] () -- D:\Spiele\steam\bin\libcef.dll
MOD - [2012.06.02 18:55:54 | 000,895,312 | ---- | M] () -- D:\Spiele\steam\bin\chromehtml.dll
MOD - [2012.06.02 18:55:54 | 000,190,776 | ---- | M] () -- D:\Spiele\steam\bin\avformat-53.dll
MOD - [2012.06.02 18:55:54 | 000,123,192 | ---- | M] () -- D:\Spiele\steam\bin\avutil-51.dll
MOD - [2012.06.02 18:55:53 | 001,099,576 | ---- | M] () -- D:\Spiele\steam\bin\avcodec-53.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.02 22:01:27 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.02 18:55:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.08.02 11:46:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.02 11:46:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 14:17:38 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.11 22:16:58 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.08.28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:36:04 | 000,696,832 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fus2base.sys -- (FUS2BASE)
DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 15:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008.03.13 15:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007.08.13 21:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2006.11.18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.04.07 10:39:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=327FE2A8-7931-4E66-8DD5-CB1A16956775
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\SearchScopes\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FA53FEE2-5D7D-49B1-81B7-CF139F383622&apn_sauid=E552C527-A743-49E4-BD1E-8686E67D5147&
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.01 15:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.09 13:30:18 | 000,000,000 | ---D | M]
 
[2010.03.19 16:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.05.19 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions
[2012.04.18 18:45:39 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.04.04 20:16:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.29 11:03:08 | 000,000,933 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\11-suche.xml
[2011.12.29 11:03:08 | 000,002,419 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\englische-ergebnisse.xml
[2011.12.29 11:03:08 | 000,010,525 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\gmx-suche.xml
[2011.12.29 11:03:08 | 000,002,457 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\lastminute.xml
[2012.04.18 18:45:32 | 000,003,915 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\sweetim.xml
[2011.12.29 11:03:08 | 000,005,508 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\webde-suche.xml
[2012.03.29 17:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 17:51:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.09 13:30:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.29 17:51:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 17:51:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.29 17:51:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.29 17:51:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.29 17:51:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.29 17:51:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Handy rooten\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [F:\SPECTRUM_3.0_setup.exe] F:\SPECTRUM_3.0_setup.exe File not found
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [KiesHelper] D:\Handy rooten\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [KiesPDLR] D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [Steam] D:\Spiele\steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B16190-951C-4789-BCFA-A6E94A8311E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 19:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.01 17:10:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.06.01 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.06.01 16:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.01 16:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 16:22:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.01 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 14:24:30 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2012.05.19 14:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.19 14:22:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.19 14:22:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.14 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.14 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 20:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2012.05.12 22:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.12 21:36:47 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.05.12 21:36:47 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.05.12 14:25:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 17:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 16:58:21 | 000,142,310 | ---- | M] () -- C:\Users\Hannes\Desktop\virus.jpg
[2012.06.04 13:27:12 | 000,002,042 | -H-- | M] () -- C:\Users\Hannes\Documents\Default.rdp
[2012.06.04 10:24:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.03 14:12:30 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 14:12:30 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 14:05:17 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.06.03 14:04:38 | 1609,043,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 20:36:18 | 000,001,016 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 20:36:02 | 000,000,986 | ---- | M] () -- C:\Users\Hannes\Desktop\Dropbox.lnk
[2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.06.01 16:59:51 | 000,001,525 | ---- | M] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk
[2012.06.01 16:55:31 | 000,000,188 | ---- | M] () -- C:\Users\Hannes\defogger_reenable
[2012.06.01 16:54:46 | 000,050,477 | ---- | M] () -- C:\Users\Hannes\Desktop\Defogger.exe
[2012.06.01 16:22:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.01 16:00:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.01 16:00:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.01 15:58:20 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 15:58:20 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 15:58:20 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 15:58:20 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 15:58:20 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.30 14:14:55 | 000,124,899 | ---- | M] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg
[2012.05.14 13:16:01 | 000,211,945 | ---- | M] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf
[2012.05.14 13:15:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.05.13 21:17:32 | 000,481,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.04 16:58:21 | 000,142,310 | ---- | C] () -- C:\Users\Hannes\Desktop\virus.jpg
[2012.06.02 22:01:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 16:59:51 | 000,001,525 | ---- | C] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk
[2012.06.01 16:55:30 | 000,000,188 | ---- | C] () -- C:\Users\Hannes\defogger_reenable
[2012.06.01 16:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Hannes\Desktop\Defogger.exe
[2012.06.01 16:22:30 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.01 16:11:50 | 000,001,409 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.01 16:11:47 | 000,001,443 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.01 16:00:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.01 16:00:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.05.30 14:14:46 | 000,124,899 | ---- | C] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg
[2012.05.14 13:15:52 | 000,211,945 | ---- | C] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.04 15:32:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.02.11 17:42:01 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.11 17:41:58 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011.02.11 17:41:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.05 11:34:31 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
 
========== LOP Check ==========
 
[2010.10.22 19:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.#
[2011.01.15 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\algomahe.de
[2010.05.06 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon
[2010.11.23 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Lite
[2010.11.22 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Pro
[2009.11.11 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dev-Cpp
[2012.06.04 13:23:02 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dropbox
[2012.04.04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft
[2012.04.04 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.10 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FRITZ!
[2009.11.24 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQ
[2010.11.10 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\McLoad
[2012.02.11 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MCS Electronics
[2012.02.09 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Origin
[2010.11.23 00:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2012.04.19 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Samsung
[2012.05.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Temp
[2012.05.19 14:24:30 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2009.12.14 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ubi.com
[2012.04.12 19:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.22 19:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.#
[2011.02.11 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Adobe
[2011.01.15 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\algomahe.de
[2010.03.25 19:07:06 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Avira
[2010.05.06 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon
[2010.10.04 17:06:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Comodo
[2010.10.04 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\CyberLink
[2010.11.23 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Lite
[2010.11.22 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Pro
[2009.11.11 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dev-Cpp
[2012.06.04 13:23:02 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dropbox
[2011.07.19 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\dvdcss
[2012.04.04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft
[2012.04.04 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.10 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FRITZ!
[2009.11.24 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQ
[2009.11.06 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Identities
[2009.11.09 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Macromedia
[2012.06.01 16:22:38 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2009.11.09 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MathWorks
[2010.11.10 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\McLoad
[2012.02.11 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MCS Electronics
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Media Center Programs
[2012.04.22 23:45:44 | 000,000,000 | --SD | M] -- C:\Users\Hannes\AppData\Roaming\Microsoft
[2010.03.19 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Mozilla
[2010.10.06 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MozillaControl
[2009.11.10 22:58:45 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nero
[2010.07.20 11:36:02 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\NeroDigital™
[2012.03.06 21:46:41 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\NVIDIA
[2012.02.09 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Origin
[2010.11.23 00:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2012.04.19 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Samsung
[2012.05.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Temp
[2012.05.19 14:24:30 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2009.12.14 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ubi.com
[2012.05.21 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.11.09 17:54:09 | 000,029,926 | R--- | M] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2010.12.15 14:41:39 | 000,010,134 | R--- | M] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Installer\{77077FFF-8831-470F-9627-E86F06A50CCD}\ARPPRODUCTICON.exe
[2012.05.13 20:31:43 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.03.31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.03.31 04:38:16 | 000,278,928 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.03.28 22:13:22 | 000,309,760 | ---- | M] (Samsung) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.03.31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.03.28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.03.31 04:38:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.03.28 22:11:38 | 000,106,920 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.03.28 22:11:38 | 000,101,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.03.31 04:38:24 | 000,183,696 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.03.31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.03.31 04:38:28 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.05.04 07:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Users\Hannes\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2005.08.16 09:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: ENETHOOK.DLL  >
[2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
 
< MD5 for: EVENTLOG.DLL  >
[1999.10.02 12:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files (x86)\MATLAB\R2007a Student\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.04.25 06:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Robson\Winall\Driver\iaStor.sys
[2007.04.25 06:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Acer\Robson\Winall\Driver\iaStor.sys
[2007.04.25 06:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Robson\Winall\Driver64\IaStor.sys
[2007.04.25 06:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Acer\Robson\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:30A9E86A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7B212553

< End of report >
--- --- ---


[/code]

sind versehentlich zweimal die gleichen!

während des scans ist dreimal direkt hintereinander gekommen:
"Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger ein."
Dies habe ich aber jeweils abgebrochen. War das ok?

AntiVir meldete mir neben den Funden (welche ich noch nicht in Quarantäne verschoben habe) auch Diese drei Warnungen:

Code:

C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\F\1E\9420Ad01
  [WARNUNG]  Die Datei wurde ignoriert.
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\B\96\E15C8d01
  [WARNUNG]  Die Datei wurde ignoriert.
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\6\AD\57706d01
  [WARNUNG]  Die Datei wurde ignoriert.
C:\Users\Hannes\AppData\Local\Mozilla\Firefox\Profiles\h7r66vdw.default\Cache\1\5E\DE316d01
  [WARNUNG]  Die Datei wurde ignoriert.
kann das damit zu tun haben das firefox nicht mehr funktioniert?

cosinus 04.06.2012 20:52
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\SearchScopes\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FA53FEE2-5D7D-49B1-81B7-CF139F383622&apn_sauid=E552C527-A743-49E4-BD1E-8686E67D5147&
FF - user.js - File not found
[2012.04.18 18:45:39 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.04.18 18:45:32 | 000,003,915 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\sweetim.xml
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-209052573-2804626970-400000205-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1000..\Run: [F:\SPECTRUM_3.0_setup.exe] F:\SPECTRUM_3.0_setup.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-209052573-2804626970-400000205-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2010.10.22 19:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.#
[2011.01.15 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\algomahe.de
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:30A9E86A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7B212553
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hannes7 04.06.2012 22:32
nach dem fixen konnte ich auf nichts mehr drücken nur diese txt datei war offfen.

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-209052573-2804626970-400000205-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Internet Explorer\SearchScopes\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}\ not found.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1000\Software\Microsoft\Windows\CurrentVersion\Run\\F:\SPECTRUM_3.0_setup.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-209052573-2804626970-400000205-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Hannes\AppData\Roaming\.# folder moved successfully.
C:\Users\Hannes\AppData\Roaming\algomahe.de\MausII folder moved successfully.
C:\Users\Hannes\AppData\Roaming\algomahe.de folder moved successfully.
ADS C:\ProgramData\TEMP:0A73A758 deleted successfully.
ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
ADS C:\ProgramData\TEMP:30A9E86A deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:7B212553 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hannes
->Temp folder emptied: 5254418237 bytes
->Temporary Internet Files folder emptied: 629210336 bytes
->Java cache emptied: 1211089 bytes
->FireFox cache emptied: 861039566 bytes
->Flash cache emptied: 50260 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240812548 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 540 bytes
 
Total Files Cleaned = 6.663,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Hannes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06042012_230616

Files\Folders moved on Reboot...
File\Folder C:\Users\Hannes\AppData\Local\Temp\2011-10-21-1195564306_04-RG.PDF  not found!
C:\Users\Hannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Also Firefox funktioniert auf jeden Fall schon wieder :)

Avira ist auch wieder aktiv und wird angezeigt :)

der erneute vierenscan mit antivir brachte auch keine neuen Funde bzw Warnungen :-)

cosinus 05.06.2012 09:44
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hannes7 05.06.2012 16:17
17:06:44.0943 0812 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:06:46.0986 0812 ============================================================
17:06:46.0986 0812 Current date / time: 2012/06/05 17:06:46.0986
17:06:46.0986 0812 SystemInfo:
17:06:46.0986 0812
17:06:46.0986 0812 OS Version: 6.1.7601 ServicePack: 1.0
17:06:46.0986 0812 Product type: Workstation
17:06:46.0986 0812 ComputerName: HANNES-PC
17:06:46.0986 0812 UserName: Hannes
17:06:46.0986 0812 Windows directory: C:\Windows
17:06:46.0986 0812 System windows directory: C:\Windows
17:06:46.0986 0812 Running under WOW64
17:06:46.0986 0812 Processor architecture: Intel x64
17:06:46.0986 0812 Number of processors: 2
17:06:46.0986 0812 Page size: 0x1000
17:06:46.0986 0812 Boot type: Normal boot
17:06:46.0986 0812 ============================================================
17:06:48.0687 0812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:06:48.0983 0812 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:06:48.0983 0812 ============================================================
17:06:48.0983 0812 \Device\Harddisk0\DR0:
17:06:49.0061 0812 MBR partitions:
17:06:49.0061 0812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x157B000, BlocksNum 0xDE62000
17:06:49.0061 0812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF3DD000, BlocksNum 0xDDE8000
17:06:49.0061 0812 \Device\Harddisk1\DR1:
17:06:49.0061 0812 MBR partitions:
17:06:49.0061 0812 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:06:49.0061 0812 ============================================================
17:06:49.0108 0812 C: <-> \Device\Harddisk0\DR0\Partition0
17:06:49.0139 0812 D: <-> \Device\Harddisk1\DR1\Partition0
17:06:49.0280 0812 E: <-> \Device\Harddisk0\DR0\Partition1
17:06:49.0373 0812 ============================================================
17:06:49.0373 0812 Initialize success
17:06:49.0373 0812 ============================================================
17:07:54.0129 3148 ============================================================
17:07:54.0129 3148 Scan started
17:07:54.0129 3148 Mode: Manual; SigCheck; TDLFS;
17:07:54.0129 3148 ============================================================
17:07:56.0937 3148 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:07:57.0639 3148 1394ohci - ok
17:07:57.0717 3148 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
17:07:57.0842 3148 61883 - ok
17:07:57.0920 3148 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:07:57.0967 3148 ACPI - ok
17:07:57.0998 3148 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:07:58.0107 3148 AcpiPmi - ok
17:07:58.0403 3148 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:07:58.0419 3148 AdobeFlashPlayerUpdateSvc - ok
17:07:58.0528 3148 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:07:58.0559 3148 adp94xx - ok
17:07:58.0591 3148 Scan interrupted by user!
17:07:58.0591 3148 Scan interrupted by user!
17:07:58.0591 3148 Scan interrupted by user!
17:07:58.0591 3148 ============================================================
17:07:58.0591 3148 Scan finished
17:07:58.0591 3148 ============================================================
17:07:58.0591 2376 Detected object count: 0
17:07:58.0591 2376 Actual detected object count: 0
17:08:03.0941 2300 ============================================================
17:08:03.0941 2300 Scan started
17:08:03.0941 2300 Mode: Manual; SigCheck; TDLFS;
17:08:03.0941 2300 ============================================================
17:08:04.0253 2300 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:08:04.0269 2300 1394ohci - ok
17:08:04.0300 2300 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
17:08:04.0316 2300 61883 - ok
17:08:04.0456 2300 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:08:04.0472 2300 ACPI - ok
17:08:04.0612 2300 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:08:04.0628 2300 AcpiPmi - ok
17:08:04.0815 2300 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:08:04.0815 2300 AdobeFlashPlayerUpdateSvc - ok
17:08:04.0924 2300 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:08:04.0940 2300 adp94xx - ok
17:08:04.0987 2300 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:08:05.0033 2300 adpahci - ok
17:08:05.0127 2300 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:08:05.0174 2300 adpu320 - ok
17:08:05.0205 2300 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:08:05.0392 2300 AeLookupSvc - ok
17:08:05.0611 2300 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:08:05.0735 2300 AFD - ok
17:08:05.0891 2300 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:08:05.0907 2300 agp440 - ok
17:08:06.0063 2300 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:08:06.0266 2300 ALG - ok
17:08:06.0406 2300 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:08:06.0422 2300 aliide - ok
17:08:06.0484 2300 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:08:06.0484 2300 amdide - ok
17:08:06.0578 2300 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:08:06.0625 2300 AmdK8 - ok
17:08:06.0671 2300 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:08:06.0749 2300 AmdPPM - ok
17:08:06.0859 2300 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:08:06.0874 2300 amdsata - ok
17:08:06.0952 2300 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:08:07.0046 2300 amdsbs - ok
17:08:07.0093 2300 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:08:07.0108 2300 amdxata - ok
17:08:07.0311 2300 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:08:07.0373 2300 AntiVirSchedulerService - ok
17:08:07.0514 2300 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:08:07.0529 2300 AntiVirService - ok
17:08:07.0670 2300 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:08:08.0029 2300 AppID - ok
17:08:08.0107 2300 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:08:08.0153 2300 AppIDSvc - ok
17:08:08.0325 2300 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:08:08.0372 2300 Appinfo - ok
17:08:08.0450 2300 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:08:08.0731 2300 AppMgmt - ok
17:08:08.0965 2300 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:08:08.0980 2300 arc - ok
17:08:09.0011 2300 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:08:09.0027 2300 arcsas - ok
17:08:09.0089 2300 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:09.0136 2300 AsyncMac - ok
17:08:09.0214 2300 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:08:09.0230 2300 atapi - ok
17:08:09.0464 2300 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:09.0573 2300 AudioEndpointBuilder - ok
17:08:09.0573 2300 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:09.0620 2300 AudioSrv - ok
17:08:09.0745 2300 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
17:08:09.0776 2300 Avc - ok
17:08:09.0916 2300 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:08:11.0039 2300 avgntflt - ok
17:08:11.0164 2300 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:08:11.0180 2300 avipbb - ok
17:08:11.0351 2300 AVMCOWAN (43744f1d3cde20f3925f10927c9036c2) C:\Windows\system32\DRIVERS\AVMCOWAN.sys
17:08:11.0383 2300 AVMCOWAN - ok
17:08:11.0492 2300 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:08:11.0695 2300 AxInstSV - ok
17:08:11.0897 2300 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:08:11.0975 2300 b06bdrv - ok
17:08:12.0069 2300 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:08:12.0147 2300 b57nd60a - ok
17:08:12.0241 2300 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:08:12.0365 2300 BDESVC - ok
17:08:12.0443 2300 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:08:12.0568 2300 Beep - ok
17:08:12.0818 2300 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:08:12.0865 2300 BFE - ok
17:08:13.0099 2300 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:08:13.0442 2300 BITS - ok
17:08:13.0567 2300 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:13.0660 2300 blbdrive - ok
17:08:13.0785 2300 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:08:13.0863 2300 bowser - ok
17:08:13.0910 2300 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:08:13.0972 2300 BrFiltLo - ok
17:08:14.0019 2300 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:08:14.0035 2300 BrFiltUp - ok
17:08:14.0128 2300 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:08:14.0206 2300 Browser - ok
17:08:14.0269 2300 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:08:14.0456 2300 Brserid - ok
17:08:14.0487 2300 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:14.0518 2300 BrSerWdm - ok
17:08:14.0643 2300 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:14.0690 2300 BrUsbMdm - ok
17:08:14.0768 2300 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:14.0939 2300 BrUsbSer - ok
17:08:15.0127 2300 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:08:15.0298 2300 BthEnum - ok
17:08:15.0345 2300 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:08:15.0470 2300 BTHMODEM - ok
17:08:15.0563 2300 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:08:15.0610 2300 BthPan - ok
17:08:15.0829 2300 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:08:15.0938 2300 BTHPORT - ok
17:08:16.0047 2300 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:08:16.0094 2300 bthserv - ok
17:08:16.0125 2300 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:08:16.0219 2300 BTHUSB - ok
17:08:16.0312 2300 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:16.0437 2300 cdfs - ok
17:08:16.0827 2300 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:08:16.0936 2300 cdrom - ok
17:08:17.0123 2300 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:17.0186 2300 CertPropSvc - ok
17:08:17.0233 2300 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:08:17.0248 2300 circlass - ok
17:08:17.0435 2300 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:08:17.0482 2300 CLFS - ok
17:08:17.0576 2300 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:17.0576 2300 clr_optimization_v2.0.50727_32 - ok
17:08:17.0685 2300 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:08:17.0685 2300 clr_optimization_v2.0.50727_64 - ok
17:08:17.0966 2300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:18.0028 2300 clr_optimization_v4.0.30319_32 - ok
17:08:18.0465 2300 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:08:18.0512 2300 clr_optimization_v4.0.30319_64 - ok
17:08:18.0605 2300 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:18.0637 2300 CmBatt - ok
17:08:18.0683 2300 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:08:18.0683 2300 cmdide - ok
17:08:18.0871 2300 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:08:19.0073 2300 CNG - ok
17:08:19.0151 2300 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:19.0151 2300 Compbatt - ok
17:08:19.0229 2300 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:08:19.0323 2300 CompositeBus - ok
17:08:19.0385 2300 COMSysApp - ok
17:08:19.0432 2300 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:08:19.0448 2300 crcdisk - ok
17:08:19.0557 2300 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:08:19.0666 2300 CryptSvc - ok
17:08:19.0744 2300 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:08:19.0822 2300 CSC - ok
17:08:20.0041 2300 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:08:20.0087 2300 CscService - ok
17:08:20.0181 2300 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:08:20.0275 2300 DcomLaunch - ok
17:08:20.0399 2300 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:08:20.0493 2300 defragsvc - ok
17:08:20.0571 2300 de_serv - ok
17:08:20.0727 2300 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:08:20.0774 2300 DfsC - ok
17:08:20.0899 2300 DgiVecp - ok
17:08:20.0977 2300 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
17:08:20.0992 2300 dg_ssudbus - ok
17:08:21.0117 2300 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:08:21.0242 2300 Dhcp - ok
17:08:21.0398 2300 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:08:21.0445 2300 discache - ok
17:08:21.0569 2300 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:08:21.0585 2300 Disk - ok
17:08:21.0632 2300 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:08:21.0741 2300 Dnscache - ok
17:08:21.0803 2300 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:08:21.0913 2300 dot3svc - ok
17:08:21.0991 2300 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:08:22.0053 2300 DPS - ok
17:08:22.0100 2300 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:08:22.0115 2300 drmkaud - ok
17:08:22.0256 2300 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:22.0303 2300 DXGKrnl - ok
17:08:22.0349 2300 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:08:22.0396 2300 EapHost - ok
17:08:22.0568 2300 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:08:22.0739 2300 ebdrv - ok
17:08:22.0895 2300 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:08:22.0973 2300 EFS - ok
17:08:23.0067 2300 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:08:23.0145 2300 ehRecvr - ok
17:08:23.0192 2300 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:08:23.0254 2300 ehSched - ok
17:08:23.0348 2300 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:08:23.0379 2300 elxstor - ok
17:08:23.0457 2300 enecir (de9402e080e9e3c94a9fd3fcf65de369) C:\Windows\system32\DRIVERS\enecir.sys
17:08:23.0504 2300 enecir - ok
17:08:23.0535 2300 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:08:23.0566 2300 ErrDev - ok
17:08:23.0644 2300 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:08:23.0722 2300 EventSystem - ok
17:08:23.0816 2300 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:08:23.0863 2300 exfat - ok
17:08:23.0909 2300 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:08:23.0987 2300 fastfat - ok
17:08:24.0065 2300 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:08:24.0159 2300 Fax - ok
17:08:24.0190 2300 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:08:24.0206 2300 fdc - ok
17:08:24.0268 2300 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:08:24.0331 2300 fdPHost - ok
17:08:24.0362 2300 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:08:24.0409 2300 FDResPub - ok
17:08:24.0471 2300 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:08:24.0487 2300 FileInfo - ok
17:08:24.0502 2300 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:08:24.0549 2300 Filetrace - ok
17:08:24.0627 2300 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:24.0643 2300 flpydisk - ok
17:08:24.0705 2300 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:08:24.0721 2300 FltMgr - ok
17:08:24.0845 2300 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:08:24.0939 2300 FontCache - ok
17:08:25.0064 2300 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:08:25.0079 2300 FontCache3.0.0.0 - ok
17:08:25.0157 2300 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:08:25.0173 2300 FsDepends - ok
17:08:25.0235 2300 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:25.0251 2300 Fs_Rec - ok
17:08:25.0298 2300 FTDIBUS (0f210048c6bfbfbc0f50816bce40b575) C:\Windows\system32\drivers\ftdibus.sys
17:08:25.0313 2300 FTDIBUS - ok
17:08:25.0376 2300 FTSER2K (814f098b02095814a8bebbf86d13fc90) C:\Windows\system32\drivers\ftser2k.sys
17:08:25.0391 2300 FTSER2K - ok
17:08:25.0516 2300 FUS2BASE (3d0f2c8b86bcab9a2bc5d5a725f45dcc) C:\Windows\system32\DRIVERS\fus2base.sys
17:08:25.0563 2300 FUS2BASE - ok
17:08:25.0641 2300 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:08:25.0703 2300 fvevol - ok
17:08:25.0766 2300 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:08:25.0766 2300 gagp30kx - ok
17:08:25.0891 2300 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:08:25.0969 2300 gpsvc - ok
17:08:26.0031 2300 Hardlock - ok
17:08:26.0062 2300 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:08:26.0125 2300 hcw85cir - ok
17:08:26.0265 2300 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:08:26.0296 2300 HdAudAddService - ok
17:08:26.0359 2300 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:08:26.0390 2300 HDAudBus - ok
17:08:26.0437 2300 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:08:26.0468 2300 HidBatt - ok
17:08:26.0515 2300 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:08:26.0655 2300 HidBth - ok
17:08:26.0686 2300 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:08:26.0733 2300 HidIr - ok
17:08:26.0795 2300 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:08:26.0842 2300 hidserv - ok
17:08:26.0905 2300 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:26.0920 2300 HidUsb - ok
17:08:26.0951 2300 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:08:26.0998 2300 hkmsvc - ok
17:08:27.0045 2300 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:08:27.0154 2300 HomeGroupListener - ok
17:08:27.0201 2300 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:08:27.0232 2300 HomeGroupProvider - ok
17:08:27.0295 2300 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:08:27.0310 2300 HpSAMD - ok
17:08:27.0388 2300 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:08:27.0466 2300 HTTP - ok
17:08:27.0513 2300 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:08:27.0529 2300 hwpolicy - ok
17:08:27.0575 2300 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:08:27.0591 2300 i8042prt - ok
17:08:27.0653 2300 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:08:27.0700 2300 iaStorV - ok
17:08:27.0887 2300 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:08:27.0919 2300 idsvc - ok
17:08:27.0965 2300 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:08:27.0981 2300 iirsp - ok
17:08:28.0059 2300 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:08:28.0137 2300 IKEEXT - ok
17:08:28.0168 2300 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:08:28.0184 2300 intelide - ok
17:08:28.0246 2300 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:28.0277 2300 intelppm - ok
17:08:28.0340 2300 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:08:28.0402 2300 IPBusEnum - ok
17:08:28.0449 2300 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:28.0480 2300 IpFilterDriver - ok
17:08:28.0574 2300 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:08:28.0667 2300 iphlpsvc - ok
17:08:28.0714 2300 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:08:28.0777 2300 IPMIDRV - ok
17:08:28.0808 2300 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:08:28.0855 2300 IPNAT - ok
17:08:28.0886 2300 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:08:28.0979 2300 IRENUM - ok
17:08:29.0042 2300 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:08:29.0057 2300 isapnp - ok
17:08:29.0120 2300 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:08:29.0151 2300 iScsiPrt - ok
17:08:29.0167 2300 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:29.0182 2300 kbdclass - ok
17:08:29.0276 2300 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:29.0307 2300 kbdhid - ok
17:08:29.0385 2300 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:29.0401 2300 KeyIso - ok
17:08:29.0494 2300 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:29.0494 2300 KSecDD - ok
17:08:29.0557 2300 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:08:29.0572 2300 KSecPkg - ok
17:08:29.0697 2300 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:08:29.0744 2300 ksthunk - ok
17:08:29.0837 2300 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:08:29.0978 2300 KtmRm - ok
17:08:30.0056 2300 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:08:30.0118 2300 LanmanServer - ok
17:08:30.0165 2300 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:08:30.0212 2300 LanmanWorkstation - ok
17:08:30.0290 2300 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:30.0337 2300 lltdio - ok
17:08:30.0383 2300 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:08:30.0446 2300 lltdsvc - ok
17:08:30.0461 2300 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:08:30.0493 2300 lmhosts - ok
17:08:30.0555 2300 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:08:30.0571 2300 LSI_FC - ok
17:08:30.0571 2300 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:08:30.0586 2300 LSI_SAS - ok
17:08:30.0602 2300 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:08:30.0617 2300 LSI_SAS2 - ok
17:08:30.0633 2300 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:08:30.0649 2300 LSI_SCSI - ok
17:08:30.0680 2300 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:08:30.0727 2300 luafv - ok
17:08:30.0789 2300 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
17:08:30.0820 2300 MarvinBus - ok
17:08:30.0867 2300 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:08:30.0898 2300 Mcx2Svc - ok
17:08:30.0914 2300 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:08:30.0929 2300 megasas - ok
17:08:30.0976 2300 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:08:31.0007 2300 MegaSR - ok
17:08:31.0148 2300 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:08:31.0163 2300 Microsoft Office Groove Audit Service - ok
17:08:31.0210 2300 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:08:31.0288 2300 MMCSS - ok
17:08:31.0366 2300 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:08:31.0429 2300 Modem - ok
17:08:31.0491 2300 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:08:31.0522 2300 monitor - ok
17:08:31.0585 2300 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:31.0585 2300 mouclass - ok
17:08:31.0631 2300 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:31.0647 2300 mouhid - ok
17:08:31.0709 2300 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:08:31.0725 2300 mountmgr - ok
17:08:31.0772 2300 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:08:31.0787 2300 mpio - ok
17:08:31.0819 2300 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:08:31.0850 2300 mpsdrv - ok
17:08:31.0928 2300 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:08:31.0975 2300 MpsSvc - ok
17:08:32.0021 2300 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:08:32.0037 2300 MRxDAV - ok
17:08:32.0099 2300 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:32.0162 2300 mrxsmb - ok
17:08:32.0209 2300 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:32.0240 2300 mrxsmb10 - ok
17:08:32.0287 2300 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:32.0302 2300 mrxsmb20 - ok
17:08:32.0333 2300 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:08:32.0333 2300 msahci - ok
17:08:32.0380 2300 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:08:32.0396 2300 msdsm - ok
17:08:32.0443 2300 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:08:32.0474 2300 MSDTC - ok
17:08:32.0536 2300 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
17:08:32.0552 2300 MSDV - ok
17:08:32.0583 2300 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:08:32.0614 2300 Msfs - ok
17:08:32.0661 2300 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:08:32.0708 2300 mshidkmdf - ok
17:08:32.0739 2300 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:08:32.0755 2300 msisadrv - ok
17:08:32.0801 2300 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:08:32.0864 2300 MSiSCSI - ok
17:08:32.0879 2300 msiserver - ok
17:08:32.0895 2300 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:32.0957 2300 MSKSSRV - ok
17:08:32.0973 2300 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:33.0035 2300 MSPCLOCK - ok
17:08:33.0067 2300 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:08:33.0145 2300 MSPQM - ok
17:08:33.0207 2300 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:08:33.0238 2300 MsRPC - ok
17:08:33.0269 2300 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:08:33.0285 2300 mssmbios - ok
17:08:33.0316 2300 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:08:33.0363 2300 MSTEE - ok
17:08:33.0379 2300 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:08:33.0410 2300 MTConfig - ok
17:08:33.0425 2300 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:08:33.0441 2300 Mup - ok
17:08:33.0503 2300 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:08:33.0566 2300 napagent - ok
17:08:33.0613 2300 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:33.0659 2300 NativeWifiP - ok
17:08:33.0722 2300 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:08:33.0769 2300 NDIS - ok
17:08:33.0800 2300 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:08:33.0831 2300 NdisCap - ok
17:08:33.0862 2300 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:33.0909 2300 NdisTapi - ok
17:08:33.0956 2300 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:34.0003 2300 Ndisuio - ok
17:08:34.0049 2300 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:34.0081 2300 NdisWan - ok
17:08:34.0127 2300 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:08:34.0159 2300 NDProxy - ok
17:08:34.0424 2300 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBService.exe
17:08:34.0455 2300 Nero BackItUp Scheduler 3 - ok
17:08:34.0502 2300 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:08:34.0564 2300 NetBIOS - ok
17:08:34.0627 2300 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:08:34.0689 2300 NetBT - ok
17:08:34.0736 2300 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:34.0767 2300 Netlogon - ok
17:08:34.0829 2300 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:08:34.0892 2300 Netman - ok
17:08:34.0939 2300 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:08:35.0017 2300 netprofm - ok
17:08:35.0157 2300 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:08:35.0173 2300 NetTcpPortSharing - ok
17:08:35.0547 2300 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:08:35.0703 2300 netw5v64 - ok
17:08:35.0875 2300 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:08:35.0890 2300 nfrd960 - ok
17:08:35.0984 2300 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:08:36.0062 2300 NlaSvc - ok
17:08:36.0218 2300 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
17:08:36.0233 2300 NMIndexingService - ok
17:08:36.0265 2300 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:08:36.0296 2300 Npfs - ok
17:08:36.0327 2300 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:08:36.0374 2300 nsi - ok
17:08:36.0421 2300 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:08:36.0467 2300 nsiproxy - ok
17:08:36.0608 2300 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:08:36.0670 2300 Ntfs - ok
17:08:36.0795 2300 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:08:36.0842 2300 Null - ok
17:08:37.0637 2300 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:38.0074 2300 nvlddmkm - ok
17:08:38.0230 2300 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:08:38.0246 2300 nvraid - ok
17:08:38.0293 2300 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:08:38.0308 2300 nvstor - ok
17:08:38.0495 2300 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
17:08:38.0542 2300 nvsvc - ok
17:08:38.0807 2300 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:08:38.0870 2300 nvUpdatusService - ok
17:08:39.0026 2300 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:08:39.0041 2300 nv_agp - ok
17:08:39.0182 2300 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:08:39.0213 2300 odserv - ok
17:08:39.0244 2300 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:08:39.0275 2300 ohci1394 - ok
17:08:39.0338 2300 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:08:39.0353 2300 ose - ok
17:08:39.0400 2300 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:08:39.0463 2300 p2pimsvc - ok
17:08:39.0556 2300 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:08:39.0587 2300 p2psvc - ok
17:08:39.0634 2300 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:08:39.0650 2300 Parport - ok
17:08:39.0681 2300 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:08:39.0697 2300 partmgr - ok
17:08:39.0728 2300 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:08:39.0806 2300 PcaSvc - ok
17:08:39.0853 2300 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:08:39.0853 2300 pci - ok
17:08:39.0884 2300 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:08:39.0884 2300 pciide - ok
17:08:39.0931 2300 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:08:39.0946 2300 pcmcia - ok
17:08:39.0977 2300 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:08:39.0993 2300 pcw - ok
17:08:40.0040 2300 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:08:40.0102 2300 PEAUTH - ok
17:08:40.0211 2300 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:08:40.0321 2300 PeerDistSvc - ok
17:08:40.0430 2300 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:08:40.0445 2300 PerfHost - ok
17:08:40.0617 2300 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:08:40.0711 2300 pla - ok
17:08:40.0804 2300 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
17:08:40.0820 2300 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:08:40.0820 2300 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:08:40.0929 2300 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:08:40.0991 2300 PlugPlay - ok
17:08:41.0038 2300 PnkBstrA - ok
17:08:41.0085 2300 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:08:41.0116 2300 PNRPAutoReg - ok
17:08:41.0163 2300 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:08:41.0179 2300 PNRPsvc - ok
17:08:41.0272 2300 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
17:08:41.0272 2300 Point64 - ok
17:08:41.0335 2300 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:08:41.0413 2300 PolicyAgent - ok
17:08:41.0459 2300 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:08:41.0522 2300 Power - ok
17:08:41.0584 2300 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:08:41.0631 2300 PptpMiniport - ok
17:08:41.0678 2300 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:08:41.0709 2300 Processor - ok
17:08:41.0740 2300 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:08:41.0803 2300 ProfSvc - ok
17:08:41.0834 2300 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:41.0834 2300 ProtectedStorage - ok
17:08:41.0943 2300 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:08:41.0974 2300 Psched - ok
17:08:42.0068 2300 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:08:42.0130 2300 ql2300 - ok
17:08:42.0442 2300 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:08:42.0458 2300 ql40xx - ok
17:08:42.0489 2300 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:08:42.0536 2300 QWAVE - ok
17:08:42.0551 2300 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:08:42.0583 2300 QWAVEdrv - ok
17:08:42.0614 2300 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:08:42.0661 2300 RasAcd - ok
17:08:42.0707 2300 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:08:42.0739 2300 RasAgileVpn - ok
17:08:42.0770 2300 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:08:42.0801 2300 RasAuto - ok
17:08:42.0848 2300 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:08:42.0910 2300 Rasl2tp - ok
17:08:42.0988 2300 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:08:43.0066 2300 RasMan - ok
17:08:43.0113 2300 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:08:43.0160 2300 RasPppoe - ok
17:08:43.0207 2300 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:08:43.0269 2300 RasSstp - ok
17:08:43.0331 2300 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:08:43.0472 2300 rdbss - ok
17:08:43.0519 2300 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:08:43.0550 2300 rdpbus - ok
17:08:43.0612 2300 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:08:43.0659 2300 RDPCDD - ok
17:08:43.0721 2300 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:08:43.0831 2300 RDPDR - ok
17:08:43.0846 2300 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:08:43.0893 2300 RDPENCDD - ok
17:08:43.0924 2300 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:08:43.0955 2300 RDPREFMP - ok
17:08:44.0018 2300 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:08:44.0080 2300 RDPWD - ok
17:08:44.0143 2300 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:08:44.0221 2300 rdyboost - ok
17:08:44.0314 2300 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:08:44.0392 2300 RemoteAccess - ok
17:08:44.0501 2300 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:08:44.0626 2300 RemoteRegistry - ok
17:08:44.0704 2300 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:08:44.0720 2300 RFCOMM - ok
17:08:44.0798 2300 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:08:44.0845 2300 rismxdp - ok
17:08:44.0891 2300 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
17:08:44.0938 2300 ROOTMODEM - ok
17:08:45.0001 2300 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:08:45.0079 2300 RpcEptMapper - ok
17:08:45.0110 2300 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:08:45.0141 2300 RpcLocator - ok
17:08:45.0235 2300 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:08:45.0281 2300 RpcSs - ok
17:08:45.0344 2300 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:08:45.0406 2300 rspndr - ok
17:08:45.0500 2300 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:08:45.0609 2300 s3cap - ok
17:08:45.0687 2300 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:45.0703 2300 SamSs - ok
17:08:46.0358 2300 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:08:46.0373 2300 sbp2port - ok
17:08:46.0467 2300 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:08:46.0529 2300 SCardSvr - ok
17:08:46.0561 2300 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:08:46.0607 2300 scfilter - ok
17:08:46.0701 2300 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:08:46.0763 2300 Schedule - ok
17:08:46.0810 2300 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:46.0841 2300 SCPolicySvc - ok
17:08:46.0904 2300 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:08:46.0935 2300 sdbus - ok
17:08:46.0982 2300 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:08:47.0075 2300 SDRSVC - ok
17:08:47.0122 2300 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:08:47.0153 2300 secdrv - ok
17:08:47.0200 2300 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:08:47.0247 2300 seclogon - ok
17:08:47.0278 2300 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:08:47.0325 2300 SENS - ok
17:08:47.0356 2300 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:08:47.0387 2300 SensrSvc - ok
17:08:47.0450 2300 Ser2pl (749502a6c51116a6229cf7536181907f) C:\Windows\system32\DRIVERS\ser2pl64.sys
17:08:47.0497 2300 Ser2pl - ok
17:08:47.0528 2300 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:08:47.0543 2300 Serenum - ok
17:08:47.0606 2300 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:08:47.0637 2300 Serial - ok
17:08:47.0731 2300 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:08:47.0731 2300 sermouse - ok
17:08:47.0855 2300 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:08:47.0887 2300 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:08:47.0887 2300 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:08:47.0933 2300 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:08:47.0980 2300 SessionEnv - ok
17:08:48.0043 2300 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:08:48.0105 2300 sffdisk - ok
17:08:48.0121 2300 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:08:48.0152 2300 sffp_mmc - ok
17:08:48.0167 2300 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:08:48.0199 2300 sffp_sd - ok
17:08:48.0230 2300 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:08:48.0245 2300 sfloppy - ok
17:08:48.0308 2300 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:08:48.0355 2300 SharedAccess - ok
17:08:48.0401 2300 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:08:48.0464 2300 ShellHWDetection - ok
17:08:48.0511 2300 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:08:48.0526 2300 SiSRaid2 - ok
17:08:48.0557 2300 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:08:48.0573 2300 SiSRaid4 - ok
17:08:48.0604 2300 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:08:48.0651 2300 Smb - ok
17:08:48.0698 2300 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:08:48.0729 2300 SNMPTRAP - ok
17:08:48.0745 2300 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:08:48.0760 2300 spldr - ok
17:08:48.0807 2300 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:08:48.0854 2300 Spooler - ok
17:08:49.0088 2300 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:08:49.0213 2300 sppsvc - ok
17:08:49.0322 2300 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:08:49.0369 2300 sppuinotify - ok
17:08:49.0525 2300 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
17:08:49.0556 2300 sptd - ok
17:08:49.0649 2300 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:08:49.0712 2300 srv - ok
17:08:49.0743 2300 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:08:49.0821 2300 srv2 - ok
17:08:49.0883 2300 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:08:49.0915 2300 SrvHsfHDA - ok
17:08:50.0039 2300 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:08:50.0117 2300 SrvHsfV92 - ok
17:08:50.0351 2300 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:08:50.0383 2300 SrvHsfWinac - ok
17:08:50.0429 2300 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:08:50.0461 2300 srvnet - ok
17:08:50.0554 2300 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:08:50.0601 2300 SSDPSRV - ok
17:08:50.0648 2300 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
17:08:50.0663 2300 SSPORT - ok
17:08:50.0710 2300 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:08:50.0741 2300 SstpSvc - ok
17:08:50.0851 2300 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
17:08:50.0866 2300 ssudmdm - ok
17:08:50.0960 2300 Steam Client Service - ok
17:08:51.0007 2300 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:08:51.0022 2300 stexstor - ok
17:08:51.0100 2300 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:08:51.0147 2300 stisvc - ok
17:08:51.0194 2300 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:08:51.0194 2300 storflt - ok
17:08:51.0272 2300 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:08:51.0537 2300 StorSvc - ok
17:08:51.0584 2300 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:08:51.0599 2300 storvsc - ok
17:08:51.0631 2300 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:08:51.0646 2300 swenum - ok
17:08:51.0771 2300 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:08:51.0880 2300 swprv - ok
17:08:51.0958 2300 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\DRIVERS\SynTP.sys
17:08:52.0005 2300 SynTP - ok
17:08:52.0255 2300 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:08:52.0395 2300 SysMain - ok
17:08:52.0879 2300 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:08:52.0910 2300 TabletInputService - ok
17:08:52.0972 2300 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:08:53.0035 2300 TapiSrv - ok
17:08:53.0066 2300 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:08:53.0097 2300 TBS - ok
17:08:53.0315 2300 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:08:53.0393 2300 Tcpip - ok
17:08:53.0627 2300 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:08:53.0674 2300 TCPIP6 - ok
17:08:53.0768 2300 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:08:53.0799 2300 tcpipreg - ok
17:08:53.0846 2300 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:08:53.0939 2300 TDPIPE - ok
17:08:54.0017 2300 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:08:54.0049 2300 TDTCP - ok
17:08:54.0127 2300 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:08:54.0220 2300 tdx - ok
17:08:54.0251 2300 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:08:54.0267 2300 TermDD - ok
17:08:54.0376 2300 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:08:54.0470 2300 TermService - ok
17:08:54.0501 2300 TFsExDisk - ok
17:08:54.0548 2300 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:08:54.0579 2300 Themes - ok
17:08:54.0657 2300 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:08:54.0688 2300 THREADORDER - ok
17:08:54.0719 2300 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:08:54.0797 2300 TrkWks - ok
17:08:54.0953 2300 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:08:55.0047 2300 TrustedInstaller - ok
17:08:55.0109 2300 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:08:55.0141 2300 tssecsrv - ok
17:08:55.0234 2300 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:08:55.0609 2300 TsUsbFlt - ok
17:08:55.0655 2300 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:08:55.0733 2300 tunnel - ok
17:08:55.0780 2300 TVicPort - ok
17:08:55.0827 2300 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:08:55.0827 2300 uagp35 - ok
17:08:56.0045 2300 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:08:56.0139 2300 udfs - ok
17:08:56.0186 2300 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:08:56.0233 2300 UI0Detect - ok
17:08:56.0295 2300 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:08:56.0311 2300 uliagpkx - ok
17:08:56.0357 2300 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:08:56.0389 2300 umbus - ok
17:08:56.0482 2300 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:08:56.0498 2300 UmPass - ok
17:08:56.0576 2300 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:08:56.0607 2300 UmRdpService - ok
17:08:56.0654 2300 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:08:56.0716 2300 upnphost - ok
17:08:56.0763 2300 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:08:56.0810 2300 usbccgp - ok
17:08:56.0841 2300 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:08:56.0857 2300 usbcir - ok
17:08:56.0888 2300 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:08:56.0950 2300 usbehci - ok
17:08:57.0028 2300 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:08:57.0075 2300 usbhub - ok
17:08:57.0106 2300 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:08:57.0122 2300 usbohci - ok
17:08:57.0137 2300 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:08:57.0153 2300 usbprint - ok
17:08:57.0215 2300 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:08:57.0231 2300 usbscan - ok
17:08:57.0278 2300 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:08:57.0309 2300 USBSTOR - ok
17:08:57.0496 2300 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:08:57.0574 2300 usbuhci - ok
17:08:57.0683 2300 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:08:57.0933 2300 usbvideo - ok
17:08:57.0964 2300 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:08:58.0011 2300 UxSms - ok
17:08:58.0073 2300 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:58.0089 2300 VaultSvc - ok
17:08:58.0167 2300 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:08:58.0183 2300 vdrvroot - ok
17:08:58.0245 2300 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:08:58.0307 2300 vds - ok
17:08:58.0354 2300 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:08:58.0370 2300 vga - ok
17:08:58.0432 2300 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:08:58.0510 2300 VgaSave - ok
17:08:58.0588 2300 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:08:58.0635 2300 vhdmp - ok
17:08:58.0666 2300 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:08:58.0666 2300 viaide - ok
17:08:58.0776 2300 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:08:58.0838 2300 vmbus - ok
17:08:58.0916 2300 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:08:58.0947 2300 VMBusHID - ok
17:08:59.0041 2300 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:08:59.0056 2300 volmgr - ok
17:08:59.0290 2300 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:08:59.0337 2300 volmgrx - ok
17:08:59.0415 2300 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:08:59.0446 2300 volsnap - ok
17:08:59.0524 2300 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:08:59.0556 2300 vsmraid - ok
17:08:59.0696 2300 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:08:59.0805 2300 VSS - ok
17:09:00.0102 2300 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:09:00.0148 2300 vwifibus - ok
17:09:00.0336 2300 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:09:00.0382 2300 W32Time - ok
17:09:00.0429 2300 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:09:00.0445 2300 WacomPen - ok
17:09:00.0663 2300 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:00.0772 2300 WANARP - ok
17:09:00.0788 2300 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:00.0819 2300 Wanarpv6 - ok
17:09:01.0147 2300 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:09:01.0287 2300 wbengine - ok
17:09:01.0786 2300 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:09:01.0818 2300 WbioSrvc - ok
17:09:01.0864 2300 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:09:01.0896 2300 wcncsvc - ok
17:09:01.0927 2300 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:09:02.0005 2300 WcsPlugInService - ok
17:09:02.0083 2300 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:09:02.0098 2300 Wd - ok
17:09:02.0176 2300 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:09:02.0223 2300 Wdf01000 - ok
17:09:02.0270 2300 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:02.0426 2300 WdiServiceHost - ok
17:09:02.0426 2300 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:02.0442 2300 WdiSystemHost - ok
17:09:02.0504 2300 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:09:02.0582 2300 WebClient - ok
17:09:02.0644 2300 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:09:02.0754 2300 Wecsvc - ok
17:09:02.0863 2300 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:09:02.0910 2300 wercplsupport - ok
17:09:02.0956 2300 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:09:03.0034 2300 WerSvc - ok
17:09:03.0144 2300 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:09:03.0175 2300 WfpLwf - ok
17:09:03.0222 2300 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:09:03.0222 2300 WIMMount - ok
17:09:03.0284 2300 WinDefend - ok
17:09:03.0300 2300 WinHttpAutoProxySvc - ok
17:09:03.0378 2300 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:09:03.0440 2300 Winmgmt - ok
17:09:03.0596 2300 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:09:03.0674 2300 WinRM - ok
17:09:03.0877 2300 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:09:03.0908 2300 WinUsb - ok
17:09:04.0002 2300 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:09:04.0048 2300 Wlansvc - ok
17:09:04.0095 2300 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:09:04.0111 2300 WmiAcpi - ok
17:09:04.0173 2300 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:04.0204 2300 wmiApSrv - ok
17:09:04.0314 2300 WMPNetworkSvc - ok
17:09:04.0345 2300 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:09:04.0376 2300 WPCSvc - ok
17:09:04.0407 2300 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:09:04.0454 2300 WPDBusEnum - ok
17:09:04.0485 2300 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:04.0532 2300 ws2ifsl - ok
17:09:04.0594 2300 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:09:04.0672 2300 wscsvc - ok
17:09:04.0672 2300 WSearch - ok
17:09:04.0969 2300 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:09:05.0062 2300 wuauserv - ok
17:09:05.0624 2300 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:09:05.0671 2300 WudfPf - ok
17:09:05.0764 2300 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:05.0811 2300 WUDFRd - ok
17:09:05.0858 2300 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:09:05.0889 2300 wudfsvc - ok
17:09:05.0952 2300 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:09:06.0076 2300 WwanSvc - ok
17:09:06.0186 2300 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:09:06.0576 2300 \Device\Harddisk0\DR0 - ok
17:09:06.0888 2300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:09:06.0966 2300 \Device\Harddisk1\DR1 - ok
17:09:06.0981 2300 Boot (0x1200) (3bd7fe9682ed92373d5b970c70eaef2f) \Device\Harddisk0\DR0\Partition0
17:09:06.0981 2300 \Device\Harddisk0\DR0\Partition0 - ok
17:09:07.0028 2300 Boot (0x1200) (887d48673232f5d807e669a892c329b3) \Device\Harddisk0\DR0\Partition1
17:09:07.0028 2300 \Device\Harddisk0\DR0\Partition1 - ok
17:09:07.0028 2300 Boot (0x1200) (cc3019bdf20b872890cdc51eb8d9a5d5) \Device\Harddisk1\DR1\Partition0
17:09:07.0028 2300 \Device\Harddisk1\DR1\Partition0 - ok
17:09:07.0028 2300 ============================================================
17:09:07.0028 2300 Scan finished
17:09:07.0028 2300 ============================================================
17:09:07.0044 0500 Detected object count: 2
17:09:07.0044 0500 Actual detected object count: 2
17:13:35.0005 0500 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:35.0005 0500 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:35.0005 0500 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:35.0005 0500 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 05.06.2012 16:17
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hannes7 05.06.2012 18:00
(doppeltes Log entfernt //cosinus)

Combofix Logfile:
Code:
ComboFix 12-06-05.01 - Hannes 05.06.2012  18:21:10.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.957 [GMT 2:00]
ausgeführt von:: c:\users\Hannes\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\users\Hannes\285.62-notebook-win7-winvista-64bit-international-whql.exe
c:\users\Hannes\A471.exe
c:\users\Hannes\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\users\Hannes\SS09_3_Info2.exe
c:\users\Hannes\SS09_3_Info2_mein.exe
c:\users\Hannes\SS10_A3.exe
c:\users\Hannes\WS08-09_info2_A3.exe
c:\users\Hannes\WS09_10_A3.exe
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
D:\autorun.inf
E:\autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-05 16:36 . 2012-06-05 16:36        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-06-05 16:36 . 2012-06-05 16:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-04 21:06 . 2012-06-04 21:06        --------        d-----w-        C:\_OTL
2012-06-03 17:08 . 2012-06-03 17:08        --------        d-----w-        c:\program files (x86)\ESET
2012-06-01 14:22 . 2012-06-01 14:22        --------        d-----w-        c:\users\Hannes\AppData\Roaming\Malwarebytes
2012-06-01 14:22 . 2012-06-01 14:22        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-01 14:22 . 2012-06-01 14:22        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 14:22 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-01 14:08 . 2012-06-01 14:08        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-06-01 14:08 . 2012-06-01 14:08        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-05-19 12:24 . 2012-05-19 12:24        --------        d-----w-        c:\users\Hannes\AppData\Roaming\TuneUp Software
2012-05-19 12:23 . 2012-05-19 12:25        --------        d-----w-        c:\programdata\TuneUp Software
2012-05-19 12:22 . 2012-05-19 12:22        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-19 12:22 . 2012-05-19 12:22        --------        d--h--w-        c:\programdata\Common Files
2012-05-14 11:07 . 2012-05-14 11:07        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 18:37 . 2012-05-13 18:37        --------        d-----w-        c:\windows\SysWow64\System32
2012-05-12 19:36 . 2012-02-24 09:14        99384        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-05-12 19:36 . 2012-02-24 09:14        203320        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-05-12 11:52 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-12 11:52 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-12 11:52 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-12 11:52 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:52 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-12 11:52 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 11:52 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-12 11:51 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-12 11:51 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 11:51 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 11:51 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:51 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 11:51 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 20:01 . 2012-05-02 11:28        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 20:01 . 2012-05-02 11:28        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-19 20:35 . 2011-10-29 08:43        1002728        ----a-w-        c:\windows\system32\WinUSBCoInstaller2.dll
2012-03-28 20:11 . 2012-04-17 17:38        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11        325552        ----a-w-        c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11        24576        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax
2012-03-28 20:11 . 2012-04-17 17:37        821824        ----a-w-        c:\windows\SysWow64\dgderapi.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Steam"="d:\spiele\steam\Steam.exe" [2012-02-06 1242448]
"KiesHelper"="d:\handy rooten\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="d:\handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBKeyScan"="c:\program files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"KiesTrayAgent"="d:\handy rooten\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
.
c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 FUS2BASE;AVM FRITZ!Card USB;c:\windows\system32\DRIVERS\fus2base.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-09 136360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}\75C414E4D2835403338373: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}\8414E4E45435D20534F5E4564777F627B6: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?q=
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_home
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-05  18:53:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-05 16:53
.
Vor Suchlauf: 20 Verzeichnis(se), 59.309.584.384 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 59.184.447.488 Bytes frei
.
- - End Of File - - B0915168F0A698AE6AF48906865147C9
--- --- ---

cosinus 05.06.2012 19:48
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hannes7 05.06.2012 21:35
lädt seit ca einer stunde "Avast! Virus definitions" herunter und ist gerade mal bei ca 8,28 MB.. ist das normal?

cosinus 05.06.2012 22:08
Ja das kann etwas dauern
Welche Bandbreite hast du?

Hannes7 05.06.2012 22:22
7.200 kbit/s

dachte nur, weil im Mom steht er immer noch auf 8,28 MB!

aber steht eben noch downloading dort...

Im Task-Manager auf meiner Lan-Verbindung zeigt es auch überhaupt keine Auslastung an außer ca alle 20 Sek mal einen kurzen peak

ich mache den aswMBR nochmal neu auf und schaue ob er bis morgen früh alles geladen hat...

Und nach 2 min war es auch schon fertig :)

txt kommt morgen früh

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-05 23:56:39
-----------------------------
23:56:39.834    OS Version: Windows x64 6.1.7601 Service Pack 1
23:56:39.834    Number of processors: 2 586 0xF0B
23:56:39.834    ComputerName: HANNES-PC  UserName: Hannes
23:56:40.754    Initialize success
23:59:17.912    AVAST engine defs: 12060501
00:02:34.490    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
00:02:34.490    Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 11
00:02:34.505    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
00:02:34.505    Disk 1 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 11
00:02:34.552    Disk 0 MBR read successfully
00:02:34.552    Disk 0 MBR scan
00:02:34.552    Disk 0 Windows 7 default MBR code
00:02:34.552    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10997 MB offset 63
00:02:34.568    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS      113860 MB offset 22523904
00:02:34.599    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      113616 MB offset 255709184
00:02:34.630    Disk 0 scanning C:\Windows\system32\drivers
00:02:44.770    Service scanning
00:03:06.080    Modules scanning
00:03:06.594    Disk 0 trace - called modules:
00:03:06.641    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:03:06.641    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027cf060]
00:03:06.641    3 CLASSPNP.SYS[fffff8800198e43f] -> nt!IofCallDriver -> [0xfffffa8002300520]
00:03:06.657    5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002305680]
00:03:07.593    AVAST engine scan C:\Windows
00:03:10.728    AVAST engine scan C:\Windows\system32
00:06:04.809    AVAST engine scan C:\Windows\system32\drivers
00:06:17.071    AVAST engine scan C:\Users\Hannes
00:09:11.448    AVAST engine scan C:\ProgramData
00:10:50.726    Scan finished successfully
06:47:11.035    Disk 0 MBR has been saved successfully to "C:\Users\Hannes\Desktop\MBR.dat"
06:47:11.347    The log file has been saved successfully to "C:\Users\Hannes\Desktop\aswMBR.txt"

cosinus 06.06.2012 08:43
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hannes7 06.06.2012 09:28
Ok kann ich aber erst wieder heute Abend machen...

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

06.06.2012 16:08:10
mbam-log-2012-06-06 (16-08-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 537414
Laufzeit: 1 Stunde(n), 14 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hannes :: HANNES-PC [Administrator]

06.06.2012 16:08:10
mbam-log-2012-06-06 (16-08-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 537414
Laufzeit: 1 Stunde(n), 14 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/06/2012 at 09:05 PM

Application Version : 5.0.1150

Core Rules Database Version : 8690
Trace Rules Database Version: 6502

Scan type      : Complete Scan
Total Scan Time : 03:27:41

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 620
Memory threats detected  : 0
Registry items scanned    : 72029
Registry threats detected : 0
File items scanned        : 306394
File threats detected    : 825

Adware.Tracking Cookie
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@2o7[1].txt [ /2o7 ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@adfarm1.adition[2].txt [ /adfarm1.adition ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@apmebf[1].txt [ /apmebf ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@atdmt[2].txt [ /atdmt ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@atwola[2].txt [ /atwola ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@bs.serving-sys[1].txt [ /bs.serving-sys ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@chitika[2].txt [ /chitika ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@content.yieldmanager[1].txt [ /content.yieldmanager ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@doubleclick[1].txt [ /doubleclick ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@pinnaclesystems.122.2o7[1].txt [ /pinnaclesystems.122.2o7 ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@serving-sys[2].txt [ /serving-sys ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@smartadserver[1].txt [ /smartadserver ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@tracking.quisma[1].txt [ /tracking.quisma ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\hannes@www.windowsmedia[1].txt [ /www.windowsmedia ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\SDZ2V9EC.txt [ /zanox.com ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\81X1T3H4.txt [ /fastclick.net ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\SRT151FF.txt [ /ad.zanox.com ]
        C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Cookies\90XKAYH7.txt [ /mediaplex.com ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.free-good-porn[1].txt [ Cookie:hannes@www.free-good-porn.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@spy.thesexgals[1].txt [ Cookie:hannes@spy.thesexgals.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adultbouncer[1].txt [ Cookie:hannes@adultbouncer.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@4stats[2].txt [ Cookie:hannes@4stats.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@tns-counter[1].txt [ Cookie:hannes@tns-counter.ru/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@tacoda[2].txt [ Cookie:hannes@tacoda.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ehg-fifa.hitbox[1].txt [ Cookie:hannes@ehg-fifa.hitbox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\F1XLQ7VS.txt [ Cookie:hannes@zanox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@media6degrees[1].txt [ Cookie:hannes@media6degrees.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@bs.serving-sys[1].txt [ Cookie:hannes@bs.serving-sys.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\HEDVZRPP.txt [ Cookie:hannes@webmasterplan.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\EZ9K88P9.txt [ Cookie:hannes@questionmarket.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@pornouni[2].txt [ Cookie:hannes@pornouni.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@tradedoubler[2].txt [ Cookie:hannes@tradedoubler.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@atwola[2].txt [ Cookie:hannes@atwola.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@mathworks.112.2o7[1].txt [ Cookie:hannes@mathworks.112.2o7.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@de.at.atwola[1].txt [ Cookie:hannes@de.at.atwola.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@unitymedia[1].txt [ Cookie:hannes@unitymedia.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@statse.webtrendslive[2].txt [ Cookie:hannes@statse.webtrendslive.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@trackmatics[2].txt [ Cookie:hannes@trackmatics.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\PKKHN5HZ.txt [ Cookie:hannes@ad.yieldmanager.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@relaxxxation[2].txt [ Cookie:hannes@relaxxxation.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.megapornobilder[2].txt [ Cookie:hannes@www.megapornobilder.com/st/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@galleries1.adult-empire[1].txt [ Cookie:hannes@galleries1.adult-empire.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@traffictrack[1].txt [ Cookie:hannes@traffictrack.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.sexpartnerclub[2].txt [ Cookie:hannes@www.sexpartnerclub.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@collective-media[1].txt [ Cookie:hannes@collective-media.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@sexandcash[1].txt [ Cookie:hannes@sexandcash.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@euros4click[1].txt [ Cookie:hannes@euros4click.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\6LBKA5MR.txt [ Cookie:hannes@ad.zanox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.etracker[1].txt [ Cookie:hannes@www.etracker.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adserver.adreactor[1].txt [ Cookie:hannes@adserver.adreactor.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@go.dynamic-tracking[1].txt [ Cookie:hannes@go.dynamic-tracking.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@tracking.mindshare[2].txt [ Cookie:hannes@tracking.mindshare.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@guj.122.2o7[1].txt [ Cookie:hannes@guj.122.2o7.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\62I26B2M.txt [ Cookie:hannes@tomtailor.dyntracker.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@statcounter[2].txt [ Cookie:hannes@statcounter.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@msnportal.112.2o7[1].txt [ Cookie:hannes@msnportal.112.2o7.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ads.quartermedia[2].txt [ Cookie:hannes@ads.quartermedia.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@hitbox[1].txt [ Cookie:hannes@hitbox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@fhg.teenpornstarcasting[1].txt [ Cookie:hannes@fhg.teenpornstarcasting.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LP9EARB.txt [ Cookie:hannes@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@toplist[2].txt [ Cookie:hannes@toplist.cz/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@server.cpmstar[2].txt [ Cookie:hannes@server.cpmstar.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@pornouni[3].txt [ Cookie:hannes@pornouni.com/gallery/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETJT99DK.txt [ Cookie:hannes@serving-sys.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@trafficholder[2].txt [ Cookie:hannes@trafficholder.com/cgi-bin/traffic/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\SATENUFU.txt [ Cookie:hannes@smartadserver.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@yadro[1].txt [ Cookie:hannes@yadro.ru/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adserver.kino-zeit[1].txt [ Cookie:hannes@adserver.kino-zeit.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adx.chip[1].txt [ Cookie:hannes@adx.chip.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\QVVVJ8CC.txt [ Cookie:hannes@zanox-affiliate.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@imrworldwide[2].txt [ Cookie:hannes@imrworldwide.com/cgi-bin ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@amateur-pornos[2].txt [ Cookie:hannes@amateur-pornos.tv/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\16A1841G.txt [ Cookie:hannes@mediaplex.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@sexpartnerclub[1].txt [ Cookie:hannes@sexpartnerclub.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@tds.teensexfans[1].txt [ Cookie:hannes@tds.teensexfans.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\4FTOAJHV.txt [ Cookie:hannes@fl01.ct2.comclick.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@bondage-teen[2].txt [ Cookie:hannes@bondage-teen.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@eaeacom.112.2o7[1].txt [ Cookie:hannes@eaeacom.112.2o7.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@eas.apm.emediate[1].txt [ Cookie:hannes@eas.apm.emediate.eu/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@cdn.at.atwola[1].txt [ Cookie:hannes@cdn.at.atwola.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.active-tracking[2].txt [ Cookie:hannes@www.active-tracking.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ads2.net2day[1].txt [ Cookie:hannes@ads2.net2day.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@counter.sexsuche[1].txt [ Cookie:hannes@counter.sexsuche.tv/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ehg-autodesk.hitbox[2].txt [ Cookie:hannes@ehg-autodesk.hitbox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.salganisex[2].txt [ Cookie:hannes@www.salganisex.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@2o7[2].txt [ Cookie:hannes@2o7.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ehg-yvesrocher.hitbox[1].txt [ Cookie:hannes@ehg-yvesrocher.hitbox.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@casalemedia[1].txt [ Cookie:hannes@casalemedia.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@clickcash[1].txt [ Cookie:hannes@clickcash.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.derporno[1].txt [ Cookie:hannes@www.derporno.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@openxxx.viragemedia[2].txt [ Cookie:hannes@openxxx.viragemedia.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\WGNG4SVZ.txt [ Cookie:hannes@specificclick.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ads4.net2day[1].txt [ Cookie:hannes@ads4.net2day.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@rotator.adjuggler[2].txt [ Cookie:hannes@rotator.adjuggler.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@thesoftpro.tripod[2].txt [ Cookie:hannes@thesoftpro.tripod.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.mallorcateen[2].txt [ Cookie:hannes@www.mallorcateen.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ad.adserver01[2].txt [ Cookie:hannes@ad.adserver01.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@pornstars69[2].txt [ Cookie:hannes@pornstars69.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQ4ZFNSH.txt [ Cookie:hannes@ad2.adfarm1.adition.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@sextracker[1].txt [ Cookie:hannes@sextracker.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@overture[2].txt [ Cookie:hannes@overture.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@himedia.individuad[2].txt [ Cookie:hannes@himedia.individuad.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.amateur-porno-tgp[2].txt [ Cookie:hannes@www.amateur-porno-tgp.com/st/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.series-xxx[1].txt [ Cookie:hannes@www.series-xxx.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@pornthunder[2].txt [ Cookie:hannes@pornthunder.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@counter14.sextracker[1].txt [ Cookie:hannes@counter14.sextracker.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\NO5RMV5V.txt [ Cookie:hannes@adviva.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@sexkontaktinserate[1].txt [ Cookie:hannes@sexkontaktinserate.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIKEI76I.txt [ Cookie:hannes@adform.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\FE7SD137.txt [ Cookie:hannes@invitemedia.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\3C8UJ2KO.txt [ Cookie:hannes@im.banner.t-online.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@clickbank[1].txt [ Cookie:hannes@clickbank.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@counter13.sextracker[1].txt [ Cookie:hannes@counter13.sextracker.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@counter2.sextracker[1].txt [ Cookie:hannes@counter2.sextracker.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adserver.11freunde[2].txt [ Cookie:hannes@adserver.11freunde.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ad.adnet[1].txt [ Cookie:hannes@ad.adnet.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLU99CKX.txt [ Cookie:hannes@track.adform.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@a7.adserver01[2].txt [ Cookie:hannes@a7.adserver01.de/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\FU2QSHIA.txt [ Cookie:hannes@ad4.adfarm1.adition.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@fpsexgals[1].txt [ Cookie:hannes@fpsexgals.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@w3counter[2].txt [ Cookie:hannes@w3counter.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@85.25.120[1].txt [ Cookie:hannes@85.25.120.181/stats/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@content.yieldmanager[3].txt [ Cookie:hannes@content.yieldmanager.com/ak/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@adprotraffic[2].txt [ Cookie:hannes@adprotraffic.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@spylog[2].txt [ Cookie:hannes@spylog.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.freesexportal[2].txt [ Cookie:hannes@www.freesexportal.net/st/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@rts.pgmediaserve[1].txt [ Cookie:hannes@rts.pgmediaserve.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@content.yieldmanager[2].txt [ Cookie:hannes@content.yieldmanager.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@galleries.adult-empire[1].txt [ Cookie:hannes@galleries.adult-empire.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.nudist-teens[1].txt [ Cookie:hannes@www.nudist-teens.org/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@ad.adition[2].txt [ Cookie:hannes@ad.adition.net/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@sexlist[1].txt [ Cookie:hannes@sexlist.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\HN708VI5.txt [ Cookie:hannes@ad1.adfarm1.adition.com/ ]
        C:\USERS\HANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\hannes@www.traffictrack[1].txt [ Cookie:hannes@www.traffictrack.de/ ]
        C:\USERS\HANNES\Cookies\SDZ2V9EC.txt [ Cookie:hannes@zanox.com/ ]
        C:\USERS\HANNES\Cookies\hannes@bs.serving-sys[1].txt [ Cookie:hannes@bs.serving-sys.com/ ]
        C:\USERS\HANNES\Cookies\hannes@pinnaclesystems.122.2o7[1].txt [ Cookie:hannes@pinnaclesystems.122.2o7.net/ ]
        C:\USERS\HANNES\Cookies\81X1T3H4.txt [ Cookie:hannes@fastclick.net/ ]
        C:\USERS\HANNES\Cookies\hannes@atwola[2].txt [ Cookie:hannes@atwola.com/ ]
        C:\USERS\HANNES\Cookies\hannes@ad.yieldmanager[1].txt [ Cookie:hannes@ad.yieldmanager.com/ ]
        C:\USERS\HANNES\Cookies\SRT151FF.txt [ Cookie:hannes@ad.zanox.com/ ]
        C:\USERS\HANNES\Cookies\hannes@chitika[2].txt [ Cookie:hannes@chitika.net/ ]
        C:\USERS\HANNES\Cookies\hannes@www.windowsmedia[1].txt [ Cookie:hannes@www.windowsmedia.com/ ]
        C:\USERS\HANNES\Cookies\hannes@serving-sys[2].txt [ Cookie:hannes@serving-sys.com/ ]
        C:\USERS\HANNES\Cookies\hannes@smartadserver[1].txt [ Cookie:hannes@smartadserver.com/ ]
        C:\USERS\HANNES\Cookies\90XKAYH7.txt [ Cookie:hannes@mediaplex.com/ ]
        C:\USERS\HANNES\Cookies\hannes@content.yieldmanager[1].txt [ Cookie:hannes@content.yieldmanager.com/ ]
        C:\USERS\HANNES\Cookies\hannes@2o7[1].txt [ Cookie:hannes@2o7.net/ ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.GAMESBANNERNET[1].TXT [ /ADS.GAMESBANNERNET ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.LYCOS[2].TXT [ /ADS.LYCOS ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@TRIPOD[2].TXT [ /TRIPOD ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.WHALEADS[2].TXT [ /ADS.WHALEADS ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@TOOLS.ADULTFEEDCREATOR[2].TXT [ /TOOLS.ADULTFEEDCREATOR ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@WWW.AMATEUR-PORNOS[1].TXT [ /WWW.AMATEUR-PORNOS ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@SALGANISEX[1].TXT [ /SALGANISEX ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADBRITE[1].TXT [ /ADBRITE ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@TRAFFICMP[1].TXT [ /TRAFFICMP ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@MICROSOFTINTERNETEXPLORER.112.2O7[1].TXT [ /MICROSOFTINTERNETEXPLORER.112.2O7 ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.NET2DAY[2].TXT [ /ADS.NET2DAY ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@WWW.PREMIUMHARDCORESEX[2].TXT [ /WWW.PREMIUMHARDCORESEX ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@DRUNK-TEENY[1].TXT [ /DRUNK-TEENY ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ROUGH-SEX.VIDZ[1].TXT [ /ROUGH-SEX.VIDZ ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADVERTISING[2].TXT [ /ADVERTISING ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.AD4GAME[1].TXT [ /ADS.AD4GAME ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.POPPEN[2].TXT [ /ADS.POPPEN ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@TRIOSEX[1].TXT [ /TRIOSEX ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@WWW.VOYEURXXXVIDEOS[2].TXT [ /WWW.VOYEURXXXVIDEOS ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADS.ADSHOPPING[1].TXT [ /ADS.ADSHOPPING ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADSRV.ADMEDIATE[2].TXT [ /ADSRV.ADMEDIATE ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@AT.ATWOLA[1].TXT [ /AT.ATWOLA ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@OUTDOOR-PORNOS[2].TXT [ /OUTDOOR-PORNOS ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@KOMTRACK[2].TXT [ /KOMTRACK ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@CDN5.SPECIFICCLICK[2].TXT [ /CDN5.SPECIFICCLICK ]
        C:\USERS\HANNES\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANNES@ZEDO[2].TXT [ /ZEDO ]
        .atdmt.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .seitensprung-sextreffen.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .cdate.122.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ads.adult-werbung.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexkontakt.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .oma-sexkontakte.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sextropia.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexgeschichten.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexgeschichten.silvia-online.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .versext.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        my.enveromedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .paypal.112.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornolala.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornolala.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        spenden.wikimedia.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        spenden.wikimedia.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexgeschichten.tv [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adserv.brandaffinity.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .stepstone.112.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexgeschichten.tv [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6aekiuhdjgbq.stats.esomniture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wcl4ciazcep.stats.esomniture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdkowoajkdo.stats.esomniture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjkysjdjclq.stats.esomniture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .count.xhit.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adserver.momo-net.ch [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adserver.momo-net.ch [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xfind.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xfind.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .dealtime.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.sexvideos-tube.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porno-erotik.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.sexvideos-tube.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porno-erotik.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porno-erotik.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porntube-xnxx.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porntube-xnxx.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        s4.trafficmaxx.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        delivery.atkmedia.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .akku-discounter.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .akku-discounter.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .conrad.122.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .stats.paypal.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexkontakte-sofort.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexkontakte-sofort.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        voyeursexgalleries.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .voyeursexgalleries.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.adserving.pixfuture.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        pissingpornvideo.org [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        pissingpornvideo.org [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.bigfreesex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.bigfreesex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.bigfreesex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nudismlifeporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .voyeursexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sunporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sunporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sunporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sunporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        voyeursexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        shedrunkandfucked.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .quartermedia.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        keyword-advertising.web.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .www.sexcam-livecam.info [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yoursexytits.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yoursexytits.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.sexcam-livecam.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.sexcam-livecam.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.anal-xxx-sex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.anal-xxx-sex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .counter.sexsuche.tv [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        m1.webstats.motigo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .voyeurtraffic.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adserver.adtechus.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .technoratimedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .technoratimedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        traffic.brokerbabe.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        traffic.brokerbabe.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        fpsexgals.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .publicsexadventures.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .wolandtraffic.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .spyhiddensex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxx69.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pissingpornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pissingpornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pissingpornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pissingpornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        fpsexgals.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fpsexgals.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fpsexgals.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fpsexgals.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nichemixporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nichemixporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fucktruckvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fucktruckvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .fucktruckvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornbanana.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornbanana.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornbanana.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pornbanana.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.fpctraffic.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        h2porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        sexoverdose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        sexoverdose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexoverdose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexoverdose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexoverdose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pinporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pinporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pinporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pinporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .girlsteachsex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornstarnetwork.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornstarnetwork.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pornstarnetwork.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pinporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxxkinky.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.pornhub.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornoadler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornoadler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .pornoadler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alphaporno.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .porntubevidz.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.hdpornmobile.xxx [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.hdpornmobile.xxx [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yourxxxcams.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .yourxxxcams.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nakedonthestreets.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        nakedshygirls.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        dumpaporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        trekmedia.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.sexxxtape.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexxxtape.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexxxtape.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexxxtape.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultadworld.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.adserv3.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.adserv3.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .hornygamer.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .hornygamer.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .hornygamer.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.alldirtyteens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alldirtyteens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alldirtyteens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .alldirtyteens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .crazyporn7.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .crazyporn7.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .crazyporn7.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.crazyporn7.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .myclickfind.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .myclickfind.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .myclickfind.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.drunk-teens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .drunk-teens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .drunk-teens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .drunk-teens.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.xxx-hotties.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx-hotties.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx-hotties.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .xxx-hotties.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.greedycunts.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .greedycunts.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .greedycunts.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .greedycunts.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.realgfporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.realgfporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .realgfporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .realgfporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .realgfporn.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .purepornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .purepornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .purepornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        purepornvids.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .syndication.traffichaus.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .syndication.traffichaus.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .syndication.traffichaus.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ads.crakmedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        stat.dealtime.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.antennendiscount24.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnl4khcpebp.stats.esomniture.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tracking.crealytics.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.digital-eliteboard.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.digital-eliteboard.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .digital-eliteboard.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .digital-eliteboard.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .digital-eliteboard.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .countomat.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .germanpornvid.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .www.germanpornvid.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .germanpornvid.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .germanpornvid.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        webclickengine.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        germansexvideo.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        counter2.sexmoney.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        beasex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .beasex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .beasex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .trafficholder.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        delivery.trafficbroker.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        www.fpctraffic2.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .freeyouporn.org [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .freeyouporn.org [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adxpansion.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
        .kaspersky.122.2o7.net [ C:\USERS\HANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7R66VDW.DEFAULT\COOKIES.SQLITE ]
sagte was von ca 830 threats detected

Hannes7 08.06.2012 14:14
? ? ? ? ?
? ? ? ? ?

cosinus 08.06.2012 18:01
Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hannes7 09.06.2012 11:22
OK. Dankeschön für die hilfreichen Tipps, werde ich auch machen.

Habe bis jetzt noch nichts weiteres entdeckt was nicht funktioniert (außer die Programme wieder alle zu deinstallieren ;) )...

Möchte mich auch ganz herzlich bei dir bedanken für deine SUPER Hilfe!!!

Einfach genial, dass es noch Leute gibt die in ihrer Freizeit den anderen "dümmeren", die sich damit nicht so auskennen helfen!!! ;)

Also nochmals tausend DANK!!!

cosinus 10.06.2012 00:00
Ok. Wegen der Verschlüsselung:
Obige Hinweise beachten
Da sind mittlerweile 8 Tools, musst du ausprobieren
Man darf sich aber keine falschen Hoffnungen machen. Mittlerweile sieht es finster aus => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt

Für die Zukunft unbedingt mal das Backup-Konzept überdenken!
Denkanstoß hier => http://www.trojaner-board.de/115678-...r-backups.html


Abgesehen davon wären wir aber durch
Entfern bitte noch nichts aus der Quarantäne, die schädlichen Dateien, Ordner etc die wir gelöscht haben, liegen noch als Sicherheitskopie in diversen Ordner wie Qoobox oder _OTL/MovedFiles - die werden evtl. noch für eine Entschlüsselung benötigt


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Hannes7 11.06.2012 22:18
Danke für die Hinweise.

Werde Ende des Sommers meinen Laptop neu aufsetzen und eine BackUp Datei auf meiner externen Fesplatte anlegen, die ich nur zu speicherung für wichtige Daten verwende.

Verstehe das mit der Verschlüsselung / Entschlüsselung nicht ganz...
Kann doch auf alle meine Daten zugreifen oder verstehe ich da was falsch?

Zwecks Adobe:
Habe die drei Programme:
"Adobe AIR"
"Adobe Flash Player 11 ActiveX"
"Adobe Flash Player 11 Plugin"
Soll ich da alle drei Programme löschen oder ist AIR was anderes?

Secunia PSI habe ich heruntergeladen:
Dort lässt sich z.B. "Adobe Reader 9.X" nicht updaten. Da steht dann nur "Waiting for update to..."
Um ihn zu löschen finde ich den 9er aber nicht unter der Systemsteuerung/Programme...
Soll ich ihn direkt in den installierten Ordner löschen?
Das gleiche auch mit "Mozilla Firefox 11.x" und "Sun Java JRE 1.5.x / 5.x"
Bei "Daemon Tools Lite 4.x" zeigt es mir "Install Solution" an, was auf nen neuen download und installation verweist, was ich auch gemacht habe. Wobei die Meldung nach nochmaligen scan aber nicht verschwindet.

Java habe ich auch neu heruntergeladen und vorher deinstalliert.

Zum Schluss noch eine Frage zu Excel bzw Word. Wenn ich da ein Dokument öffne, gehen zwei dieser Fenster auf, wobei nur bei einem das jeweilige Dokument geöffnet ist und das andere Fenster leer ist.
Woran könnte das liegen?

Danke schonmal!

Beste Grüße Hannes

Ach ja...

Habe gerade gemerkt, dass ich versehentlich beim download von Daemon Tools den JDownloader mir heruntergeladen habe... brauche ich den überhaupt?

cosinus 12.06.2012 10:03
Zitat:
Kann doch auf alle meine Daten zugreifen oder verstehe ich da was falsch?
Na dann sei doch froh wenn keine Datei zerwürfelt wurde :pfeiff:

Zitat:
Soll ich da alle drei Programme löschen oder ist AIR was anderes?
Google hilft sicher Adobe Integrated Runtime
Für sowas wie Youtube braucht man AIR nicht. Ich brauchte es bisher nur für dieses Monitoring-Programm meiner dLAN-Adapter von Devolo unter Windows, aber eigentlich ist das auch nur ne doofe Spielerei http://cosgan.de/images/midi/boese/a040.gif

Zitat:
Dort lässt sich z.B. "Adobe Reader 9.X" nicht updaten. Da steht dann nur "Waiting for update to..."
Reader 9.x manuell deinstallieren über Systemsteuerung. Dann installierst du einen PDF-Reader, der NICHT von Adobe ist! => PDF-X-Change, SumatraPDF, Foxit - selbst IrfanView kann PDFs betrachten

Zitat:
Das gleiche auch mit "Mozilla Firefox 11.x" und "Sun Java JRE 1.5.x / 5.x"
Manchmal zeigt Secunia nicht den aktuellen Stand deines Systems. Mitunter musste ich Secunia mehrmals neu starten und den Computer scannen lassen
Ansonsten musst du mal schauen in welchem Pfad die angeblich veraltete Version angezeigt wird. Habs schon erlebt, dass auf irgendwelchen vorinstallierten Ordnern vom OEM-Hersteller (wie zB Acer oder Lenovo) irgendwelche Browser reingepackt wurden, die dann logischerweise irgendwann veraltet sind

Zitat:
Wenn ich da ein Dokument öffne, gehen zwei dieser Fenster auf,
Was sind "diese" zwei Fenster?
Ist das nur wenn du ein Dokument per Doppelklick öffnest? Was wenn du Word direkt startest ohne ein Dokument zu öffnen? Das SP3 für Office 2007 ist installiert, auch alle Folgepatches? (siehe Microsoftupdate)
Inwiefern ist das ein Problem?

Zitat:
den JDownloader mir heruntergeladen habe... brauche ich den überhaupt?
Mach dich doch via Google schlau welches Programm was tut und dann wirst du auch mal selber entscheiden können was du brauchst oder willst und was nicht.
Ich bin doch nicht dein Papa, der dir sagt was du tun musst/darfst :confused:

Hannes7 12.06.2012 15:59
Zitat:
Was sind "diese" zwei Fenster?
Ist das nur wenn du ein Dokument per Doppelklick öffnest? Was wenn du Word direkt startest ohne ein Dokument zu öffnen? Das SP3 für Office 2007 ist installiert, auch alle Folgepatches? (siehe Microsoftupdate)
Inwiefern ist das ein Problem?
Windows Update ist auf dem neuesten Stand...
Wenn ich ein Dokument mit Doppelklick öffne dann werden zwei Word-Fenster aufgemacht. In dem einen wird dann das entsprechende Dokument angezeigt, das andere Word-Fenster ist einfach nur leer ohne irgendein Dokument drin (nicht einmal ein leeres)..
Habe gerade gemerkt, dass wenn ich es nicht per Doppelklick sondern mit rechts/links öffne, dies nicht auftritt. Wenn ich nur Word öffne tritt dies ebenfalls nicht auf...
Mich stört es nicht unbedingt und ich habe das Problem auch schon bissl länger, ist mir nur da gerade aufgefallen und dachte du wüsstest vllt. nen Tipp wie ich es verhindern kann... ;) Aber wie gesagt werde es überleben :)

Zitat:
Mach dich doch via Google schlau welches Programm was tut und dann wirst du auch mal selber entscheiden können was du brauchst oder willst und was nicht.
Ich bin doch nicht dein Papa, der dir sagt was du tun musst/darfst
Habe ich auch nachgelesen.
Dachte nur weil ich nen "YouTube Downloader" drauf habe, dass der "JDownloader" vllt große Vorteile oder Nachteile gegenüber hat, die der "normalo" evtl. nicht kennt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131