Trojaner-Board


sanfran 08.06.2012 19:52

Encryption trojan with a demand to transfer money
 
Hello,
I need help getting a laptop (P320 AMD Athlon II X2, Windows 7, manufacturer: emachines) running again.
The problem: after logging in, a window appears with the heading 'Willkommen bei Windows-Update' ('Welcome to Windows Update'). After a fairly long text comes the demand to transfer money. After that the page flips over (without anything being clicked). There it goes on to say 'Sie haben sich mit einem Windows-Verschlüsselungstrojaner infiziert ...' ('You have been infected with a Windows encryption trojan ...').
For now I have started the laptop in safe mode and am running a full scan with Malwarebytes (version: 04.04.2012).
Another problem: it is not my laptop, so I cannot establish an internet connection to download updates. At least, I have not yet tried to connect the laptop to my home network. I also don't know whether that works in safe mode. And, as I said, on a normal start I have no chance of accessing any other functions ...
So please help me :D.
Thanks

So, as I only read later, the trojan I described seems to be the current topic here ... Anyway, I have now run the following scans and solved the problem with the internet connection.

defogger: no error message and no restart. Have not clicked Re-enable yet.

OTL: OTL Logfile:
Code:

OTL logfile created on: 09.06.2012 00:00:41 - Run 1
OTL by OldTimer - Version 3.2.47.0    Folder = C:\Users\Karolin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 75,39% Memory free
5,49 Gb Paging File | 4,88 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 192,58 Gb Free Space | 67,81% Space Free | Partition Type: NTFS
 
Computer Name: KAROLIN-PC | User Name: Karolin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.06.08 23:57:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Karolin\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.17 16:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.04 08:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 09:59:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.10 04:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.04 08:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.04 08:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.03.20 20:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.03.18 00:48:58 | 002,212,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.17 19:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.17 15:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.08 15:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.08.23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 7E 9C D3 72 3E CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE387DE387
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.29 16:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]
 
[2010.07.08 10:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Extensions
[2012.05.02 09:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Firefox\Profiles\rn7u4nmy.default\extensions
[2010.07.09 12:41:24 | 000,001,819 | ---- | M] () -- C:\Users\Karolin\AppData\Roaming\Mozilla\Firefox\Profiles\rn7u4nmy.default\searchplugins\bing.xml
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.05.01 09:20:16 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 12:15:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE7DD07-8513-40F8-9162-0BECBDCCBD8B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8FB9F08-9693-4240-9D78-DD7B53D51E76}: DhcpNameServer = 10.110.15.1 10.110.15.2
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.08 23:57:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Karolin\Desktop\OTL.exe
[2012.06.08 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\CD für die anderen
[2012.06.08 17:28:56 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\Marie
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 23:57:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Karolin\Desktop\OTL.exe
[2012.06.08 23:56:04 | 000,000,000 | ---- | M] () -- C:\Users\Karolin\defogger_reenable
[2012.06.08 23:53:43 | 000,000,728 | ---- | M] () -- C:\Users\Karolin\Desktop\Defogger - Verknüpfung.lnk
[2012.06.08 23:46:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.08 23:46:08 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 20:41:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.08 20:41:11 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.08 20:41:11 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.08 20:41:11 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.08 20:41:11 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.08 20:40:40 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.08 20:32:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.08 19:09:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.08 17:35:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 17:35:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 11:07:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.29 17:09:38 | 000,139,585 | ---- | M] () -- C:\Users\Karolin\Desktop\ESt2011_Bork_Karolin.elfo
[2012.05.29 15:21:53 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.05.15 13:04:51 | 000,374,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.08 23:56:04 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\defogger_reenable
[2012.06.08 23:53:43 | 000,000,728 | ---- | C] () -- C:\Users\Karolin\Desktop\Defogger - Verknüpfung.lnk
[2012.06.08 20:40:40 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.06 11:07:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.05 11:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{3733F916-33B1-4DCF-A6A9-880BA0CC82E1}
[2011.04.30 13:08:01 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{E7B6B059-DE6D-4FFE-BF78-ECA1C2EA6BB4}
[2010.12.12 20:53:46 | 000,000,704 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.FPT
[2010.12.12 20:53:46 | 000,000,665 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.dbf
[2010.10.13 16:22:25 | 000,000,822 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\wklnhst.dat
[2010.08.13 15:09:12 | 000,181,084 | ---- | C] () -- C:\Windows\hpoins13.dat
[2010.08.13 15:09:11 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2010.08.13 14:38:32 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.11 16:25:06 | 000,005,120 | ---- | C] () -- C:\Users\Karolin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 20:16:53 | 000,091,380 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\mdbu.bin
[2010.07.08 10:12:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2011.10.04 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\elsterformular
[2011.07.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Nokia
[2011.07.02 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\PC Suite
[2011.07.07 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\schroedelarbeitblaetter
[2010.10.13 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Template
[2010.07.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\WildTangent
[2012.05.24 10:24:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---


OTL Extra: OTL Logfile:
Code:

OTL Extras logfile created on: 09.06.2012 00:00:41 - Run 1
OTL by OldTimer - Version 3.2.47.0    Folder = C:\Users\Karolin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 75,39% Memory free
5,49 Gb Paging File | 4,88 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 192,58 Gb Free Space | 67,81% Space Free | Partition Type: NTFS
 
Computer Name: KAROLIN-PC | User Name: Karolin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04254FF8-6F17-4747-A397-DA9C98C5B4EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E2F738A-174C-4DB9-98E5-9E9C9C5CD839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30812E4D-CF4B-4867-B0AB-5F1BEF9A9E0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32F39B6A-40C1-443B-B335-C12335197ECC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{381523A4-4445-4387-B931-9EE786A51C9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D2DF885-4B1C-4FEF-856C-910170F91E62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44BD8A4D-D9EF-452D-B47E-9088D1B0B81C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F3B66BE-FC6D-4A6A-9101-87ED131A8803}" = rport=139 | protocol=6 | dir=out | app=system |
"{6439E09E-82C7-4D79-8B98-C6C15960D714}" = rport=137 | protocol=17 | dir=out | app=system |
"{67DE9530-5D22-4CBB-AF69-915D990784C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73348DD7-E209-46F2-B411-8F71A5280E26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82CB4870-C08E-4B30-A02B-20DA37B15955}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D52E6CA-9AA8-46D8-9D78-07189967FD4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A05088F0-CA04-4C48-93C7-1C7C970C9E22}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0587993-149A-4DAA-8DFD-B9B88B2DFFAC}" = rport=445 | protocol=6 | dir=out | app=system |
"{AEA6E1CE-4E1E-4205-938A-86EC752DD49B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4C8A47E-5C4A-463B-B20E-4521186F681E}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6DBCDCC-03B2-47FC-95CB-864ECF72713C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDF5F9A1-306E-4936-B5B7-68D9821CFBCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2D5C230-FFCB-4CD8-86D2-C3F5CA120541}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA568DD2-AE97-457F-8022-0C8765BBC047}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F046F4CD-3808-44D9-AE7A-C710E643F82A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1ED89EC-34C0-461B-A66A-EDC92D9F08D4}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050BA61C-AF6E-44EB-A0FE-BE4A0BDC4B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AE2895C-902E-46E3-AD87-776B5F67E4B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{14394422-5A49-452E-8BF9-5CAA116035DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BEAD187-1071-481F-8981-6E8F1DDCD3FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{30CAC2FB-4FB1-4D98-9E71-526C20DFF77E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{33B6FFD0-C4AF-4C9A-9B23-1B8C985992B9}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{33E6F067-16F8-4C53-8049-A7A659316AAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3966825D-ABC2-4060-8015-5A4485352537}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4154162A-C5BE-4A55-BC82-80D11E1694DB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{41F8C9C9-2371-4AEE-88FB-07B3C9D09E7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46B2FF23-C805-4C9D-9E01-0C30540A3D5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{50348D42-48A8-43AF-BE3B-2B6459EBE1CA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{524D988C-9292-4077-976F-23C99B86FDF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{58A7A303-8B3F-4795-BCF8-30792E3B04B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DBE45C2-8C91-480A-A3CA-3DCB8CC33FC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E546904-B387-4E6E-AA96-B5758BD26263}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{5F69E39D-7CF9-4621-A165-91E4C931789A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{62F88C17-04A5-4156-9182-C5A7A95C8A46}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{68CD4E17-BFCD-4F15-82DF-BDE826A63990}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E5FE72C-E8B2-4C88-B8DA-5E50FF66BCE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7190F175-A904-4C3B-8086-FA64D018B5BC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{74DFC4DC-E983-416D-897B-83DC7C4BA3D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7547EA3D-BAFB-41D7-9622-9AD687D783F1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7738E5A8-12A1-414C-9BF7-851295E7CE41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82BA5F5F-9877-4428-8A7D-5706392E71BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8ACD16EA-BC61-4FA8-A844-C493C63B3B5C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{93246E32-B60D-4366-BFAC-B925D2A24DAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{988354BA-FDAA-4AEB-BD56-738B84851ADA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B63ADAFC-13E3-4E10-8E28-94E763637958}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{B6B9156B-315E-46EF-8DFE-30CEFDEAB52E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE57CC7D-3B2E-44CC-878B-14EA5D781B42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{C0628399-E914-4B7E-8741-62A03C39B1AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C36B52AD-0D40-4ABB-95D4-5DF85610715F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CE80830D-0839-47F1-B3DB-0B22600188A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D013666C-5B25-4112-ABA5-AB19D10B1956}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D59C9506-7305-44C9-901A-32D195711D63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D7E17F65-EC19-4BCC-9D0B-ABA5E8CFEADC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DAA49337-ED3D-440F-AEC8-283DA80D1258}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{E2D9E0BE-EACC-49D8-8FFA-82CE3F1CAABE}" = protocol=6 | dir=out | app=system |
"{E39D6B52-8733-492E-B112-2078D8DC589C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8A766EE-8012-4ECC-8652-0AA1FAAE6210}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC685FE1-AA31-4AAF-B052-96F1B642BAD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{EE1B4BB4-04EC-4E92-B3FF-DB02B90FA680}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{EE8B0846-E1EC-4515-B4E1-443940308EB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F6DEAEC6-CEE1-4136-9540-40752854132B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F762FF52-7057-4333-A986-5E8A413EB94D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{FC4C1C0C-C5A0-4B40-A6BC-1004C4EAA133}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"TCP Query User{70D40997-C53A-43E9-9587-B98CD105D005}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{7B5183A9-C8B6-4E6F-936F-CDB4695E60F7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Mathematik 5. und 6. Klasse" - DVD38_is1" = Oriolus Lernprogramm Mathematik 5. und 6. Klasse
""Mathematik in der Grundschule" - DVD38_is1" = Oriolus Lernprogramm Mathematik in der Grundschule
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17C50809-F2E0-4DD8-84D7-55FF74615723}" = Video Web Camera Ver:1.0.31.325
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Lehrstoffmanager 2.0_is1" = Lehrstoffmanager 2.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"Schroedel Arbeitsblätter" = Schroedel Arbeitsblätter
"WildTangent emachines Master Uninstall" = eMachines Games
"WT078910" = Bejeweled 2 Deluxe
"WT078919" = Insaniquarium Deluxe
"WT078930" = Zuma Deluxe
"WT078958" = Blasterball 3
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079062" = Jewel Quest
"WT079066" = Jewel Quest Solitaire 3
"WT079106" = Penguins!
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079122" = Polar Pool
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079296" = Chicken Invaders 3 - Revenge of the Yolk
"WT079316" = Escape Rosecliff Island
"WT079329" = Mahjongg Artifacts
"WT079418" = Virtual Families
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2012 13:36:16 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2012 05:42:29 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.01.2012 05:44:27 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2012 05:44:39 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 31.01.2012 05:45:14 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2012 05:45:14 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2012 05:45:14 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2012 05:45:14 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2012 08:53:34 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2012 08:53:35 | Computer Name = Karolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 08.06.2012 18:01:17 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:15 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:15 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:15 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:59 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:59 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:03:59 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:06:07 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:06:07 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.06.2012 18:06:07 | Computer Name = Karolin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

--- --- ---

cosinus 10.06.2012 18:24

You made a small mistake when copying the Malwarebytes log... you pasted the OTL log in again.

sanfran 10.06.2012 19:47

Oops, damn. Then I'll make up for that right away.

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.08.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Karolin :: KAROLIN-PC [Administrator]

Schutz: Deaktiviert

09.06.2012 11:24:31
mbam-log-2012-06-09 (12-52-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416559
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Karolin\AppData\Local\Temp\xaldgwpnwd.pre (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Karolin\AppData\Local\Temp\Bjjlefczfp\xnzrxluucyc.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

cosinus 10.06.2012 20:41

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't already!

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed under the Logs tab. Please post all of the ones visible there.

sanfran 10.06.2012 21:08

OK, I have now deleted the two findings. Here are the log files.

2010:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4796

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.10.2010 22:08:01
mbam-log-2010-10-11 (22-08-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 256687
Laufzeit: 1 Stunde(n), 1 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Yesterday:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Karolin :: KAROLIN-PC [Administrator]

Schutz: Deaktiviert

09.06.2012 00:33:27
mbam-log-2012-06-09 (00-34-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211514
Laufzeit: 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Karolin\AppData\Local\Temp\Bjjlefczfp\xnzrxluucyc.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Karolin\AppData\Local\Temp\xaldgwpnwd.pre (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)


Today:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Karolin :: KAROLIN-PC [Administrator]

Schutz: Deaktiviert

10.06.2012 21:49:43
mbam-log-2012-06-10 (21-49-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211512
Laufzeit: 4 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Karolin\AppData\Local\Temp\Bjjlefczfp\xnzrxluucyc.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karolin\AppData\Local\Temp\xaldgwpnwd.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


I hadn't deleted the findings because the window at the top carries the note not to delete anything :/ ...
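
The check requested in this exchange (were the findings only reported, or actually removed?) can be run over several Malwarebytes logs at once. The following is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical, the two logs are shortened excerpts of the ones posted above, and the last sample line is constructed.

```python
import re
from datetime import datetime

# Detection lines in the Malwarebytes 1.x logs quoted in this thread look like:
#   <file path> (<detection name>) -> <action text>.
# Only this file-path form is handled; other log sections are not parsed.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)
# The scan start time sits on a line of its own, e.g. "09.06.2012 11:24:31".
TIMESTAMP_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")

NO_ACTION = "Keine Aktion durchgeführt"  # German UI text for "No action taken"

# Shortened excerpts of two logs from the thread.
LOG_2012_06_09 = r"""
Malwarebytes Anti-Malware (Test) 1.61.0.1400
09.06.2012 00:33:27
mbam-log-2012-06-09 (00-34-26).txt
Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 2
C:\Users\Karolin\AppData\Local\Temp\Bjjlefczfp\xnzrxluucyc.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Karolin\AppData\Local\Temp\xaldgwpnwd.pre (Trojan.Agent) -> Keine Aktion durchgeführt.
(Ende)
"""

LOG_2012_06_10 = r"""
Malwarebytes Anti-Malware (Test) 1.61.0.1400
10.06.2012 21:49:43
mbam-log-2012-06-10 (21-49-43).txt
Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 2
C:\Users\Karolin\AppData\Local\Temp\Bjjlefczfp\xnzrxluucyc.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karolin\AppData\Local\Temp\xaldgwpnwd.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Constructed line (not from the thread): a path that itself contains
# parentheses must not be mistaken for the detection name.
CONSTRUCTED_EDGE_CASE = (
    r"C:\Program Files (x86)\Example\sample.exe (Trojan.Agent) -> Keine Aktion durchgeführt."
)


def parse_mbam_log(text):
    """Return {'scan_time': datetime or None, 'detections': [dict, ...]}."""
    scan_time = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if scan_time is None and TIMESTAMP_RE.match(line):
            scan_time = datetime.strptime(line, "%d.%m.%Y %H:%M:%S")
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append(match.groupdict())
    return {"scan_time": scan_time, "detections": detections}


def unresolved_findings(log_texts):
    """Paths whose most recent log entry still says no action was taken."""
    logs = [parse_mbam_log(text) for text in log_texts]
    logs = [entry for entry in logs if entry["scan_time"] is not None]
    logs.sort(key=lambda entry: entry["scan_time"])
    latest = {}
    for entry in logs:
        for detection in entry["detections"]:
            # Windows paths are case-insensitive, so key on the lowered path.
            latest[detection["path"].lower()] = detection
    return sorted(d["path"] for d in latest.values() if d["action"] == NO_ACTION)


if __name__ == "__main__":
    print("open after first scan:", unresolved_findings([LOG_2012_06_09]))
    print("open after both scans:", unresolved_findings([LOG_2012_06_09, LOG_2012_06_10]))
    print("edge case:", parse_mbam_log(CONSTRUCTED_EDGE_CASE)["detections"])
```
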

cosinus 11.06.2012 09:15

Please run ESET as well, then we'll see what comes next:

Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner


Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick the box next to "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

sanfran 11.06.2012 12:54

I ran the scan and 6 more things were found.

Thanks!!!!!!!!

cosinus 11.06.2012 13:06

Quote:

C:\Users\Karolin\AppData\Local\Temp\mia9C4E.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe
Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more either.
We read often enough from people seeking help that their system no longer starts after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


I have two questions before we continue

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

sanfran 11.06.2012 13:16

OK, thanks, I'll keep the advice about registry cleaners in mind from now on and pass it on to the laptop's owner.
To your questions: normal mode works again, and there don't seem to be any empty folders or similar anomalies in the Start menu either.

cosinus 11.06.2012 13:27

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


sanfran 11.06.2012 13:58

OTL Logfile:
Code:

OTL logfile created on: 11.06.2012 14:33:23 - Run 2
OTL by OldTimer - Version 3.2.47.0    Folder = C:\Users\Karolin\Desktop\Trojaner
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,53% Memory free
5,49 Gb Paging File | 4,07 Gb Available in Paging File | 74,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 191,32 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
 
Computer Name: KAROLIN-PC | User Name: Karolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.08 23:57:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Karolin\Desktop\Trojaner\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.07 09:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.07.04 08:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 09:59:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.04 21:20:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.05 05:45:01 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.05.05 05:45:01 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.17 16:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.04 08:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 09:59:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.10 04:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.04 08:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.04 08:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.03.20 20:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.03.18 00:48:58 | 002,212,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.17 19:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.17 15:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.08 15:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.08.23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 7E 9C D3 72 3E CC 01  [binary data]
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE387DE387
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.29 16:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]
 
[2010.07.08 10:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Extensions
[2012.05.02 09:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Firefox\Profiles\rn7u4nmy.default\extensions
[2010.07.09 12:41:24 | 000,001,819 | ---- | M] () -- C:\Users\Karolin\AppData\Roaming\Mozilla\Firefox\Profiles\rn7u4nmy.default\searchplugins\bing.xml
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.05.01 09:20:16 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 12:15:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE7DD07-8513-40F8-9162-0BECBDCCBD8B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8FB9F08-9693-4240-9D78-DD7B53D51E76}: DhcpNameServer = 10.110.15.1 10.110.15.2
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 11:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.09 00:41:52 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\Trojaner
[2012.06.08 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\CD für die anderen
[2012.06.08 17:28:56 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\Marie
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 14:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 14:17:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 14:17:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 14:16:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.11 14:16:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.11 14:16:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.11 14:16:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.11 14:16:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.11 14:09:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 14:09:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 14:08:39 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 23:56:04 | 000,000,000 | ---- | M] () -- C:\Users\Karolin\defogger_reenable
[2012.06.08 20:40:40 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.06 11:07:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.29 17:09:38 | 000,139,585 | ---- | M] () -- C:\Users\Karolin\Desktop\ESt2011_Bork_Karolin.elfo
[2012.05.29 15:21:53 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.05.15 13:04:51 | 000,374,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.08 23:56:04 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\defogger_reenable
[2012.06.08 20:40:40 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.06 11:07:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.05 11:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{3733F916-33B1-4DCF-A6A9-880BA0CC82E1}
[2011.04.30 13:08:01 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{E7B6B059-DE6D-4FFE-BF78-ECA1C2EA6BB4}
[2010.12.12 20:53:46 | 000,000,704 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.FPT
[2010.12.12 20:53:46 | 000,000,665 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.dbf
[2010.10.13 16:22:25 | 000,000,822 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\wklnhst.dat
[2010.08.13 15:09:12 | 000,181,084 | ---- | C] () -- C:\Windows\hpoins13.dat
[2010.08.13 15:09:11 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2010.08.13 14:38:32 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.11 16:25:06 | 000,005,120 | ---- | C] () -- C:\Users\Karolin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 20:16:53 | 000,091,380 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\mdbu.bin
[2010.07.08 10:12:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2011.10.04 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\elsterformular
[2011.07.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Nokia
[2011.07.02 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\PC Suite
[2011.07.07 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\schroedelarbeitblaetter
[2010.10.13 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Template
[2010.07.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\WildTangent
[2012.05.24 10:24:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.11 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Adobe
[2010.07.07 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\ATI
[2010.10.11 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Avira
[2011.10.04 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\elsterformular
[2010.07.07 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Google
[2010.08.19 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\HP
[2010.07.07 18:44:22 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Identities
[2010.07.07 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Macromedia
[2010.10.11 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Media Center Programs
[2011.11.18 20:58:59 | 000,000,000 | --SD | M] -- C:\Users\Karolin\AppData\Roaming\Microsoft
[2010.08.13 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Microsoft Web Folders
[2010.07.08 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Mozilla
[2011.07.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Nokia
[2011.07.02 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\PC Suite
[2011.07.07 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\schroedelarbeitblaetter
[2010.10.13 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Template
[2010.07.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

cosinus 11.06.2012 14:10

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 7E 9C D3 72 3E CC 01  [binary data]
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

sanfran 11.06.2012 14:15

In Malwarebytes, the checkbox (with the check mark set) and the text line 'Enable protection' are greyed out, so it cannot be unchecked. Can I run the OTL scan anyway?

cosinus 11.06.2012 15:27

You should actually be able to disable that within Malwarebytes itself. Never mind, then run the OTL fix as it is.

sanfran 11.06.2012 15:46

Code:

Error: Unable to interpret <OTL Logfile:

       
Code:

       
OTL logfile created on: 11.06.2012 14:33:23 - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\Karolin\Desktop\Trojaner> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7600.16385)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,53% Memory free> in the current context!
Error: Unable to interpret <5,49 Gb Paging File | 4,07 Gb Available in Paging File | 74,09% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 283,99 Gb Total Space | 191,32 Gb Free Space | 67,37% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: KAROLIN-PC | User Name: Karolin | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2012.06.08 23:57:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Karolin\Desktop\Trojaner\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe> in the current context!
Error: Unable to interpret <PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe> in the current context!
Error: Unable to interpret <PRC - [2011.07.07 09:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe> in the current context!
Error: Unable to interpret <PRC - [2011.07.04 08:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe> in the current context!
Error: Unable to interpret <PRC - [2011.04.29 09:59:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe> in the current context!
Error: Unable to interpret <PRC - [2010.12.21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe> in the current context!
Error: Unable to interpret <PRC - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe> in the current context!
Error: Unable to interpret <PRC - [2010.11.04 21:20:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe> in the current context!
Error: Unable to interpret <PRC - [2010.05.05 05:45:01 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe> in the current context!
Error: Unable to interpret <PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe> in the current context!
Error: Unable to interpret <PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe> in the current context!
Error: Unable to interpret <PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe> in the current context!
Error: Unable to interpret <PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe> in the current context!
Error: Unable to interpret <PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe> in the current context!
Error: Unable to interpret <PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2010.05.05 05:45:01 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe> in the current context!
Error: Unable to interpret <MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll> in the current context!
Error: Unable to interpret <MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll> in the current context!
Error: Unable to interpret <MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll> in the current context!
Error: Unable to interpret <MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll> in the current context!
Error: Unable to interpret <MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll> in the current context!
Error: Unable to interpret <MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll> in the current context!
Error: Unable to interpret <MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV:64bit: - [2010.03.17 16:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)> in the current context!
Error: Unable to interpret <SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)> in the current context!
Error: Unable to interpret <SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)> in the current context!
Error: Unable to interpret <SRV - [2011.07.04 08:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context!
Error: Unable to interpret <SRV - [2011.04.29 09:59:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context!
Error: Unable to interpret <SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)> in the current context!
Error: Unable to interpret <SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)> in the current context!
Error: Unable to interpret <SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)> in the current context!
Error: Unable to interpret <SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)> in the current context!
Error: Unable to interpret <SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)> in the current context!
Error: Unable to interpret <SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)> in the current context!
Error: Unable to interpret <SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)> in the current context!
Error: Unable to interpret <SRV - [2009.10.10 04:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)> in the current context!
Error: Unable to interpret <SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.07.04 08:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.07.04 08:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.03.20 20:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.03.18 00:48:58 | 002,212,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.03.17 19:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.03.17 15:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.02.08 15:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)> in the current context!
Error: Unable to interpret <DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme640&r=273607107015l0404z1l5r45i2r501> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 7E 9C D3 72 3E CC 01  [binary data]> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE387DE387> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Bing"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.useDBForOrder: true> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 19:51:54 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.29 16:32:25 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.13 15:16:27 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.07.08 10:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.05.02 09:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karolin\AppData\Roaming\mozilla\Firefox\Profiles\rn7u4nmy.default\extensions> in the current context!
Error: Unable to interpret <[2010.07.09 12:41:24 | 000,001,819 | ---- | M] () -- C:\Users\Karolin\AppData\Roaming\Mozilla\Firefox\Profiles\rn7u4nmy.default\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions> in the current context!
Error: Unable to interpret <[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions> in the current context!
Error: Unable to interpret <[2012.05.01 19:51:49 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de> in the current context!
Error: Unable to interpret <[2012.05.01 09:20:16 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI> in the current context!
Error: Unable to interpret <[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012.03.05 12:15:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3:64bit: - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3810083623-1191388484-3988811414-1001..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE7DD07-8513-40F8-9162-0BECBDCCBD8B}: DhcpNameServer = 192.168.1.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8FB9F08-9693-4240-9D78-DD7B53D51E76}: DhcpNameServer = 10.110.15.1 10.110.15.2> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SafeBootMin:64bit: AppMgmt - Service> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: HelpSvc - Service> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: sacsvr - Service> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: vmms - Service> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices> in the current context!
Error: Unable to interpret <SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices> in the current context!
Error: Unable to interpret <SafeBootMin: AppMgmt - Service> in the current context!
Error: Unable to interpret <SafeBootMin: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: HelpSvc - Service> in the current context!
Error: Unable to interpret <SafeBootMin: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: sacsvr - Service> in the current context!
Error: Unable to interpret <SafeBootMin: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: vmms - Service> in the current context!
Error: Unable to interpret <SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy> in the current context!
Error: Unable to interpret <SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers> in the current context!
Error: Unable to interpret <SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret <SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices> in the current context!
Error: Unable to interpret <SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SafeBootNet:64bit: AppMgmt - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: HelpSvc - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Messenger - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: NDIS Wrapper - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: NetBIOSGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: NetDDEGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Network - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: NetworkProvider - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: PNP_TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: rdsessmgr - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: sacsvr - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: Streams Drivers - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: vmms - Service> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: WudfUsbccidDriver - Driver> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices> in the current context!
Error: Unable to interpret <SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices> in the current context!
Error: Unable to interpret <SafeBootNet: AppMgmt - Service> in the current context!
Error: Unable to interpret <SafeBootNet: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: HelpSvc - Service> in the current context!
Error: Unable to interpret <SafeBootNet: Messenger - Service> in the current context!
Error: Unable to interpret <SafeBootNet: NDIS Wrapper - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetBIOSGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetDDEGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Network - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetworkProvider - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PNP_TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: rdsessmgr - Service> in the current context!
Error: Unable to interpret <SafeBootNet: sacsvr - Service> in the current context!
Error: Unable to interpret <SafeBootNet: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Streams Drivers - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: vmms - Service> in the current context!
Error: Unable to interpret <SafeBootNet: WudfUsbccidDriver - Driver> in the current context!
Error: Unable to interpret <SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers> in the current context!
Error: Unable to interpret <SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy> in the current context!
Error: Unable to interpret <SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers> in the current context!
Error: Unable to interpret <SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret <SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices> in the current context!
Error: Unable to interpret <SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0> in the current context!
Error: Unable to interpret <ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context!
Error: Unable to interpret <ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack> in the current context!
Error: Unable to interpret <ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> in the current context!
Error: Unable to interpret <ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx> in the current context!
Error: Unable to interpret <ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help> in the current context!
Error: Unable to interpret <ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6> in the current context!
Error: Unable to interpret <ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools> in the current context!
Error: Unable to interpret <ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements> in the current context!
Error: Unable to interpret <ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player> in the current context!
Error: Unable to interpret <ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access> in the current context!
Error: Unable to interpret <ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7> in the current context!
Error: Unable to interpret <ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll> in the current context!
Error: Unable to interpret <ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings> in the current context!
Error: Unable to interpret <ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> in the current context!
Error: Unable to interpret <ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding> in the current context!
Error: Unable to interpret <ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts> in the current context!
Error: Unable to interpret <ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help> in the current context!
Error: Unable to interpret <ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface> in the current context!
Error: Unable to interpret <ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP> in the current context!
Error: Unable to interpret <ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig> in the current context!
Error: Unable to interpret <ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> in the current context!
Error: Unable to interpret <ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)> in the current context!
Error: Unable to interpret <ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0> in the current context!
Error: Unable to interpret <ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context!
Error: Unable to interpret <ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack> in the current context!
Error: Unable to interpret <ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> in the current context!
Error: Unable to interpret <ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx> in the current context!
Error: Unable to interpret <ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help> in the current context!
Error: Unable to interpret <ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6> in the current context!
Error: Unable to interpret <ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools> in the current context!
Error: Unable to interpret <ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements> in the current context!
Error: Unable to interpret <ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player> in the current context!
Error: Unable to interpret <ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access> in the current context!
Error: Unable to interpret <ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner> in the current context!
Error: Unable to interpret <ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7> in the current context!
Error: Unable to interpret <ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings> in the current context!
Error: Unable to interpret <ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install> in the current context!
Error: Unable to interpret <ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding> in the current context!
Error: Unable to interpret <ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts> in the current context!
Error: Unable to interpret <ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player> in the current context!
Error: Unable to interpret <ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help> in the current context!
Error: Unable to interpret <ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface> in the current context!
Error: Unable to interpret <ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP> in the current context!
Error: Unable to interpret <ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig> in the current context!
Error: Unable to interpret <ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)> in the current context!
Error: Unable to interpret <Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)> in the current context!
Error: Unable to interpret <Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <Restore point Set: OTL Restore Point> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.06.11 11:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET> in the current context!
Error: Unable to interpret <[2012.06.09 00:41:52 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\Trojaner> in the current context!
Error: Unable to interpret <[2012.06.08 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\CD für die anderen> in the current context!
Error: Unable to interpret <[2012.06.08 17:28:56 | 000,000,000 | ---D | C] -- C:\Users\Karolin\Desktop\Marie> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.06.11 14:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.06.11 14:17:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.06.11 14:17:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.06.11 14:16:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2012.06.11 14:16:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat> in the current context!
Error: Unable to interpret <[2012.06.11 14:16:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.06.11 14:16:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat> in the current context!
Error: Unable to interpret <[2012.06.11 14:16:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.06.11 14:09:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2012.06.11 14:09:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2012.06.11 14:08:39 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2012.06.08 23:56:04 | 000,000,000 | ---- | M] () -- C:\Users\Karolin\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.06.08 20:40:40 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk> in the current context!
Error: Unable to interpret <[2012.06.06 11:07:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf> in the current context!
Error: Unable to interpret <[2012.05.29 17:09:38 | 000,139,585 | ---- | M] () -- C:\Users\Karolin\Desktop\ESt2011_Bork_Karolin.elfo> in the current context!
Error: Unable to interpret <[2012.05.29 15:21:53 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk> in the current context!
Error: Unable to interpret <[2012.05.15 13:04:51 | 000,374,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.06.08 23:56:04 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.06.08 20:40:40 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk> in the current context!
Error: Unable to interpret <[2012.06.06 11:07:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf> in the current context!
Error: Unable to interpret <[2011.07.05 11:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{3733F916-33B1-4DCF-A6A9-880BA0CC82E1}> in the current context!
Error: Unable to interpret <[2011.04.30 13:08:01 | 000,000,000 | ---- | C] () -- C:\Users\Karolin\AppData\Local\{E7B6B059-DE6D-4FFE-BF78-ECA1C2EA6BB4}> in the current context!
Error: Unable to interpret <[2010.12.12 20:53:46 | 000,000,704 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.FPT> in the current context!
Error: Unable to interpret <[2010.12.12 20:53:46 | 000,000,665 | ---- | C] () -- C:\Users\Karolin\AppData\Local\_rschroe.dbf> in the current context!
Error: Unable to interpret <[2010.10.13 16:22:25 | 000,000,822 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\wklnhst.dat> in the current context!
Error: Unable to interpret <[2010.08.13 15:09:12 | 000,181,084 | ---- | C] () -- C:\Windows\hpoins13.dat> in the current context!
Error: Unable to interpret <[2010.08.13 15:09:11 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat> in the current context!
Error: Unable to interpret <[2010.08.13 14:38:32 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI> in the current context!
Error: Unable to interpret <[2010.08.11 16:25:06 | 000,005,120 | ---- | C] () -- C:\Users\Karolin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2010.07.18 20:16:53 | 000,091,380 | ---- | C] () -- C:\Users\Karolin\AppData\Roaming\mdbu.bin> in the current context!
Error: Unable to interpret <[2010.07.08 10:12:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011.10.04 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\elsterformular> in the current context!
Error: Unable to interpret <[2011.07.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Nokia> in the current context!
Error: Unable to interpret <[2011.07.02 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\PC Suite> in the current context!
Error: Unable to interpret <[2011.07.07 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\schroedelarbeitblaetter> in the current context!
Error: Unable to interpret <[2010.10.13 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Template> in the current context!
Error: Unable to interpret <[2010.07.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\WildTangent> in the current context!
Error: Unable to interpret <[2012.05.24 10:24:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %ALLUSERSPROFILE%\Application Data\*. >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %ALLUSERSPROFILE%\Application Data\*.exe /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %APPDATA%\*. >> in the current context!
Error: Unable to interpret <[2010.07.11 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Adobe> in the current context!
Error: Unable to interpret <[2010.07.07 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\ATI> in the current context!
Error: Unable to interpret <[2010.10.11 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Avira> in the current context!
Error: Unable to interpret <[2011.10.04 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\elsterformular> in the current context!
Error: Unable to interpret <[2010.07.07 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Google> in the current context!
Error: Unable to interpret <[2010.08.19 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\HP> in the current context!
Error: Unable to interpret <[2010.07.07 18:44:22 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Identities> in the current context!
Error: Unable to interpret <[2010.07.07 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Macromedia> in the current context!
Error: Unable to interpret <[2010.10.11 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Malwarebytes> in the current context!
Error: Unable to interpret <[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Media Center Programs> in the current context!
Error: Unable to interpret <[2011.11.18 20:58:59 | 000,000,000 | --SD | M] -- C:\Users\Karolin\AppData\Roaming\Microsoft> in the current context!
Error: Unable to interpret <[2010.08.13 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Microsoft Web Folders> in the current context!
Error: Unable to interpret <[2010.07.08 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Mozilla> in the current context!
Error: Unable to interpret <[2011.07.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Nokia> in the current context!
Error: Unable to interpret <[2011.07.02 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\PC Suite> in the current context!
Error: Unable to interpret <[2011.07.07 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\schroedelarbeitblaetter> in the current context!
Error: Unable to interpret <[2010.10.13 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\Template> in the current context!
Error: Unable to interpret <[2010.07.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Karolin\AppData\Roaming\WildTangent> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %APPDATA%\*.exe /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\*.exe >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: AGP440.SYS  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: ATAPI.SYS  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: CNGAUDIT.DLL  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: IASTORV.SYS  >> in the current context!
Error: Unable to interpret <[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: NETLOGON.DLL  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll> in the current context!
Error: Unable to interpret <[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll> in the current context!
Error: Unable to interpret <[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: NVSTOR.SYS  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys> in the current context!
Error: Unable to interpret <[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys> in the current context!
Error: Unable to interpret <[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys> in the current context!
Error: Unable to interpret <[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: SCECLI.DLL  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll> in the current context!
Error: Unable to interpret <[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll> in the current context!
Error: Unable to interpret <[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USER32.DLL  >> in the current context!
Error: Unable to interpret <[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll> in the current context!
Error: Unable to interpret <[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll> in the current context!
Error: Unable to interpret <[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USERINIT.EXE  >> in the current context!
Error: Unable to interpret <[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe> in the current context!
Error: Unable to interpret <[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WININIT.EXE  >> in the current context!
Error: Unable to interpret <[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WINLOGON.EXE  >> in the current context!
Error: Unable to interpret <[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe> in the current context!
Error: Unable to interpret <[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe> in the current context!
Error: Unable to interpret <[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe> in the current context!
Error: Unable to interpret <[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe> in the current context!
Error: Unable to interpret <[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe> in the current context!
Error: Unable to interpret <[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WS2IFSL.SYS  >> in the current context!
Error: Unable to interpret <[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys> in the current context!
Error: Unable to interpret <[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\drivers\*.sys /lockedfiles >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\System32\config\*.sav >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\*. /mp /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\*.dll /lockedfiles >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <<           >> in the current context!
Error: Unable to interpret << End of report >


--- --- ---
> in the current context!
 
OTL by OldTimer - Version 3.2.47.0 log created on 06112012_163226


cosinus 11.06.2012 15:57

You did not follow the instructions exactly! The fix script has to go into the text box.
Please read and follow them more carefully!

sanfran 11.06.2012 16:24

Hmm, something must have gone wrong there ... I've done it again now.
Thanks for your effort :)!

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3810083623-1191388484-3988811414-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-3810083623-1191388484-3988811414-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3810083623-1191388484-3988811414-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Karolin
->Temp folder emptied: 1519056058 bytes
->Temporary Internet Files folder emptied: 86362339 bytes
->Java cache emptied: 22395374 bytes
->FireFox cache emptied: 331405107 bytes
->Flash cache emptied: 98761 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 508951686 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.354,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Karolin
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.47.0 log created on 06112012_171440

Files\Folders moved on Reboot...
C:\Users\Karolin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 11.06.2012 20:17

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

sanfran 11.06.2012 22:34

Code:

23:29:41.0840 2604        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:29:42.0121 2604        ============================================================
23:29:42.0121 2604        Current date / time: 2012/06/11 23:29:42.0121
23:29:42.0121 2604        SystemInfo:
23:29:42.0121 2604       
23:29:42.0121 2604        OS Version: 6.1.7600 ServicePack: 0.0
23:29:42.0121 2604        Product type: Workstation
23:29:42.0121 2604        ComputerName: KAROLIN-PC
23:29:42.0121 2604        UserName: Karolin
23:29:42.0121 2604        Windows directory: C:\Windows
23:29:42.0121 2604        System windows directory: C:\Windows
23:29:42.0121 2604        Running under WOW64
23:29:42.0121 2604        Processor architecture: Intel x64
23:29:42.0121 2604        Number of processors: 2
23:29:42.0121 2604        Page size: 0x1000
23:29:42.0136 2604        Boot type: Normal boot
23:29:42.0136 2604        ============================================================
23:29:43.0431 2604        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:29:43.0431 2604        ============================================================
23:29:43.0431 2604        \Device\Harddisk0\DR0:
23:29:43.0431 2604        MBR partitions:
23:29:43.0431 2604        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C01A24, BlocksNum 0x32FCD
23:29:43.0431 2604        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C349F1, BlocksNum 0x237F98BF
23:29:43.0431 2604        ============================================================
23:29:43.0462 2604        C: <-> \Device\Harddisk0\DR0\Partition1
23:29:43.0462 2604        ============================================================
23:29:43.0462 2604        Initialize success
23:29:43.0462 2604        ============================================================
23:30:07.0003 4376        ============================================================
23:30:07.0003 4376        Scan started
23:30:07.0003 4376        Mode: Manual; SigCheck; TDLFS;
23:30:07.0003 4376        ============================================================
23:30:07.0923 4376        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:30:08.0110 4376        1394ohci - ok
23:30:08.0157 4376        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:30:08.0173 4376        ACPI - ok
23:30:08.0204 4376        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:30:08.0297 4376        AcpiPmi - ok
23:30:08.0344 4376        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:30:08.0360 4376        adp94xx - ok
23:30:08.0422 4376        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:30:08.0438 4376        adpahci - ok
23:30:08.0453 4376        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:30:08.0485 4376        adpu320 - ok
23:30:08.0516 4376        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:30:08.0594 4376        AeLookupSvc - ok
23:30:08.0656 4376        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:30:08.0765 4376        AFD - ok
23:30:08.0797 4376        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:30:08.0828 4376        agp440 - ok
23:30:08.0875 4376        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:30:08.0953 4376        ALG - ok
23:30:08.0984 4376        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:30:09.0015 4376        aliide - ok
23:30:09.0062 4376        AMD External Events Utility (53e74b13eef0e3ed256f4b8028f91274) C:\Windows\system32\atiesrxx.exe
23:30:09.0124 4376        AMD External Events Utility - ok
23:30:09.0124 4376        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:30:09.0140 4376        amdide - ok
23:30:09.0187 4376        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:30:09.0233 4376        AmdK8 - ok
23:30:09.0577 4376        amdkmdag        (09a3d41550116e898c4c6f2b941e6d07) C:\Windows\system32\DRIVERS\atipmdag.sys
23:30:09.0748 4376        amdkmdag - ok
23:30:09.0857 4376        amdkmdap        (5e9d3213040458690ebb61c37ec685ba) C:\Windows\system32\DRIVERS\atikmpag.sys
23:30:09.0904 4376        amdkmdap - ok
23:30:09.0935 4376        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:30:09.0998 4376        AmdPPM - ok
23:30:10.0045 4376        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:30:10.0076 4376        amdsata - ok
23:30:10.0091 4376        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:30:10.0107 4376        amdsbs - ok
23:30:10.0138 4376        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:30:10.0154 4376        amdxata - ok
23:30:10.0247 4376        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:30:10.0279 4376        AntiVirSchedulerService - ok
23:30:10.0310 4376        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:30:10.0325 4376        AntiVirService - ok
23:30:10.0357 4376        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:30:10.0466 4376        AppID - ok
23:30:10.0497 4376        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:30:10.0544 4376        AppIDSvc - ok
23:30:10.0575 4376        Appinfo        (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:30:10.0637 4376        Appinfo - ok
23:30:10.0700 4376        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:30:10.0731 4376        arc - ok
23:30:10.0731 4376        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:30:10.0747 4376        arcsas - ok
23:30:10.0778 4376        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:30:10.0825 4376        AsyncMac - ok
23:30:10.0840 4376        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:30:10.0856 4376        atapi - ok
23:30:10.0996 4376        athr            (d53972336e7408330417de45619d75e7) C:\Windows\system32\DRIVERS\athrx.sys
23:30:11.0090 4376        athr - ok
23:30:11.0230 4376        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:30:11.0293 4376        AtiPcie - ok
23:30:11.0355 4376        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:30:11.0433 4376        AudioEndpointBuilder - ok
23:30:11.0449 4376        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:30:11.0496 4376        AudioSrv - ok
23:30:11.0558 4376        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
23:30:11.0589 4376        avgntflt - ok
23:30:11.0636 4376        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
23:30:11.0652 4376        avipbb - ok
23:30:11.0683 4376        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:30:11.0792 4376        AxInstSV - ok
23:30:11.0854 4376        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:30:11.0917 4376        b06bdrv - ok
23:30:11.0948 4376        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:30:12.0010 4376        b57nd60a - ok
23:30:12.0073 4376        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:30:12.0151 4376        BDESVC - ok
23:30:12.0182 4376        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:30:12.0276 4376        Beep - ok
23:30:12.0338 4376        BFE            (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:30:12.0416 4376        BFE - ok
23:30:12.0478 4376        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
23:30:12.0541 4376        BITS - ok
23:30:12.0588 4376        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:30:12.0634 4376        blbdrive - ok
23:30:12.0697 4376        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:30:12.0759 4376        bowser - ok
23:30:12.0806 4376        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:30:12.0853 4376        BrFiltLo - ok
23:30:12.0853 4376        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:30:12.0868 4376        BrFiltUp - ok
23:30:12.0900 4376        Browser        (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:30:12.0993 4376        Browser - ok
23:30:13.0024 4376        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:30:13.0071 4376        Brserid - ok
23:30:13.0087 4376        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:30:13.0118 4376        BrSerWdm - ok
23:30:13.0118 4376        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:30:13.0180 4376        BrUsbMdm - ok
23:30:13.0212 4376        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:30:13.0227 4376        BrUsbSer - ok
23:30:13.0243 4376        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:30:13.0258 4376        BTHMODEM - ok
23:30:13.0290 4376        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:30:13.0336 4376        bthserv - ok
23:30:13.0368 4376        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:30:13.0414 4376        cdfs - ok
23:30:13.0446 4376        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:30:13.0477 4376        cdrom - ok
23:30:13.0508 4376        CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:30:13.0617 4376        CertPropSvc - ok
23:30:13.0648 4376        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:30:13.0680 4376        circlass - ok
23:30:13.0711 4376        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:30:13.0726 4376        CLFS - ok
23:30:13.0804 4376        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:13.0836 4376        clr_optimization_v2.0.50727_32 - ok
23:30:13.0851 4376        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:30:13.0867 4376        clr_optimization_v2.0.50727_64 - ok
23:30:13.0945 4376        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:13.0976 4376        clr_optimization_v4.0.30319_32 - ok
23:30:14.0007 4376        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:30:14.0007 4376        clr_optimization_v4.0.30319_64 - ok
23:30:14.0038 4376        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:30:14.0070 4376        CmBatt - ok
23:30:14.0085 4376        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:30:14.0101 4376        cmdide - ok
23:30:14.0179 4376        CNG            (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:30:14.0226 4376        CNG - ok
23:30:14.0257 4376        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:30:14.0288 4376        Compbatt - ok
23:30:14.0304 4376        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:30:14.0350 4376        CompositeBus - ok
23:30:14.0366 4376        COMSysApp - ok
23:30:14.0382 4376        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:30:14.0397 4376        crcdisk - ok
23:30:14.0444 4376        CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:30:14.0491 4376        CryptSvc - ok
23:30:14.0538 4376        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:30:14.0600 4376        DcomLaunch - ok
23:30:14.0647 4376        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:30:14.0694 4376        defragsvc - ok
23:30:14.0756 4376        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:30:14.0818 4376        DfsC - ok
23:30:14.0881 4376        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:30:15.0006 4376        Dhcp - ok
23:30:15.0037 4376        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:30:15.0130 4376        discache - ok
23:30:15.0177 4376        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:30:15.0193 4376        Disk - ok
23:30:15.0240 4376        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:30:15.0271 4376        Dnscache - ok
23:30:15.0318 4376        dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:30:15.0364 4376        dot3svc - ok
23:30:15.0427 4376        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:30:15.0474 4376        Dot4 - ok
23:30:15.0505 4376        Dot4Print      (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:30:15.0536 4376        Dot4Print - ok
23:30:15.0567 4376        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:30:15.0598 4376        dot4usb - ok
23:30:15.0630 4376        DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:30:15.0692 4376        DPS - ok
23:30:15.0723 4376        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:30:15.0786 4376        drmkaud - ok
23:30:15.0895 4376        DsiWMIService  (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:30:15.0926 4376        DsiWMIService - ok
23:30:16.0004 4376        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:30:16.0051 4376        DXGKrnl - ok
23:30:16.0098 4376        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:30:16.0176 4376        EapHost - ok
23:30:16.0332 4376        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:30:16.0394 4376        ebdrv - ok
23:30:16.0503 4376        EFS            (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:30:16.0566 4376        EFS - ok
23:30:16.0659 4376        ehRecvr        (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:30:16.0753 4376        ehRecvr - ok
23:30:16.0784 4376        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:30:16.0862 4376        ehSched - ok
23:30:16.0956 4376        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:30:16.0971 4376        elxstor - ok
23:30:17.0080 4376        ePowerSvc      (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
23:30:17.0112 4376        ePowerSvc - ok
23:30:17.0221 4376        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:30:17.0268 4376        ErrDev - ok
23:30:17.0346 4376        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:30:17.0408 4376        EventSystem - ok
23:30:17.0455 4376        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:30:17.0517 4376        exfat - ok
23:30:17.0548 4376        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:30:17.0595 4376        fastfat - ok
23:30:17.0673 4376        Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:30:17.0736 4376        Fax - ok
23:30:17.0751 4376        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:30:17.0798 4376        fdc - ok
23:30:17.0829 4376        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:30:17.0907 4376        fdPHost - ok
23:30:17.0938 4376        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:30:17.0985 4376        FDResPub - ok
23:30:18.0016 4376        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:30:18.0032 4376        FileInfo - ok
23:30:18.0048 4376        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:30:18.0094 4376        Filetrace - ok
23:30:18.0110 4376        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:30:18.0141 4376        flpydisk - ok
23:30:18.0172 4376        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:30:18.0188 4376        FltMgr - ok
23:30:18.0266 4376        FontCache      (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:30:18.0313 4376        FontCache - ok
23:30:18.0375 4376        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:30:18.0406 4376        FontCache3.0.0.0 - ok
23:30:18.0438 4376        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:30:18.0469 4376        FsDepends - ok
23:30:18.0500 4376        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:30:18.0516 4376        Fs_Rec - ok
23:30:18.0562 4376        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:30:18.0578 4376        fvevol - ok
23:30:18.0609 4376        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:18.0625 4376        gagp30kx - ok
23:30:18.0734 4376        GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
23:30:18.0765 4376        GameConsoleService - ok
23:30:18.0812 4376        gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:30:18.0859 4376        gpsvc - ok
23:30:18.0937 4376        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
23:30:18.0952 4376        GREGService - ok
23:30:18.0999 4376        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:30:18.0999 4376        gupdate - ok
23:30:19.0030 4376        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:30:19.0046 4376        gupdatem - ok
23:30:19.0093 4376        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:30:19.0124 4376        gusvc - ok
23:30:19.0171 4376        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:30:19.0218 4376        hcw85cir - ok
23:30:19.0264 4376        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:30:19.0311 4376        HdAudAddService - ok
23:30:19.0358 4376        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:30:19.0374 4376        HDAudBus - ok
23:30:19.0389 4376        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:19.0420 4376        HidBatt - ok
23:30:19.0436 4376        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:30:19.0467 4376        HidBth - ok
23:30:19.0498 4376        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:30:19.0530 4376        HidIr - ok
23:30:19.0561 4376        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:30:19.0623 4376        hidserv - ok
23:30:19.0670 4376        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:30:19.0701 4376        HidUsb - ok
23:30:19.0764 4376        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:30:19.0810 4376        hkmsvc - ok
23:30:19.0857 4376        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:30:19.0935 4376        HomeGroupListener - ok
23:30:19.0966 4376        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:30:20.0029 4376        HomeGroupProvider - ok
23:30:20.0154 4376        hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:30:20.0185 4376        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
23:30:20.0185 4376        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
23:30:20.0232 4376        hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:30:20.0263 4376        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
23:30:20.0263 4376        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
23:30:20.0294 4376        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:30:20.0325 4376        HpSAMD - ok
23:30:20.0372 4376        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:30:20.0466 4376        HTTP - ok
23:30:20.0481 4376        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:30:20.0512 4376        hwpolicy - ok
23:30:20.0559 4376        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:30:20.0590 4376        i8042prt - ok
23:30:20.0653 4376        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:30:20.0684 4376        iaStorV - ok
23:30:20.0778 4376        idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:30:20.0824 4376        idsvc - ok
23:30:20.0856 4376        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:30:20.0871 4376        iirsp - ok
23:30:20.0918 4376        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:30:20.0980 4376        IKEEXT - ok
23:30:21.0136 4376        IntcAzAudAddService (feadc18677a85a123e95a9b976101120) C:\Windows\system32\drivers\RTKVHD64.sys
23:30:21.0199 4376        IntcAzAudAddService - ok
23:30:21.0308 4376        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:30:21.0339 4376        intelide - ok
23:30:21.0355 4376        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:30:21.0402 4376        intelppm - ok
23:30:21.0448 4376        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:30:21.0526 4376        IPBusEnum - ok
23:30:21.0542 4376        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:21.0589 4376        IpFilterDriver - ok
23:30:21.0636 4376        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:30:21.0729 4376        iphlpsvc - ok
23:30:21.0760 4376        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:30:21.0776 4376        IPMIDRV - ok
23:30:21.0792 4376        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:30:21.0838 4376        IPNAT - ok
23:30:21.0870 4376        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:30:21.0885 4376        IRENUM - ok
23:30:21.0901 4376        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:30:21.0916 4376        isapnp - ok
23:30:21.0932 4376        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:30:21.0948 4376        iScsiPrt - ok
23:30:21.0994 4376        k57nd60a        (c9b4ecc187581e5bf3f76648884b7829) C:\Windows\system32\DRIVERS\k57nd60a.sys
23:30:22.0010 4376        k57nd60a - ok
23:30:22.0041 4376        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:30:22.0057 4376        kbdclass - ok
23:30:22.0072 4376        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:30:22.0104 4376        kbdhid - ok
23:30:22.0135 4376        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:30:22.0150 4376        KeyIso - ok
23:30:22.0150 4376        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:30:22.0182 4376        KSecDD - ok
23:30:22.0197 4376        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:30:22.0213 4376        KSecPkg - ok
23:30:22.0244 4376        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:30:22.0291 4376        ksthunk - ok
23:30:22.0338 4376        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:30:22.0416 4376        KtmRm - ok
23:30:22.0494 4376        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
23:30:22.0572 4376        LanmanServer - ok
23:30:22.0603 4376        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:30:22.0650 4376        LanmanWorkstation - ok
23:30:22.0696 4376        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:30:22.0774 4376        lltdio - ok
23:30:22.0806 4376        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:30:22.0852 4376        lltdsvc - ok
23:30:22.0884 4376        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:30:22.0930 4376        lmhosts - ok
23:30:22.0977 4376        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:30:23.0008 4376        LSI_FC - ok
23:30:23.0024 4376        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:30:23.0055 4376        LSI_SAS - ok
23:30:23.0055 4376        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:30:23.0086 4376        LSI_SAS2 - ok
23:30:23.0086 4376        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:30:23.0102 4376        LSI_SCSI - ok
23:30:23.0118 4376        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:30:23.0164 4376        luafv - ok
23:30:23.0227 4376        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:30:23.0258 4376        MBAMProtector - ok
23:30:23.0398 4376        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:30:23.0445 4376        MBAMService - ok
23:30:23.0508 4376        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:30:23.0539 4376        McComponentHostService - ok
23:30:23.0570 4376        Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:30:23.0601 4376        Mcx2Svc - ok
23:30:23.0617 4376        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:30:23.0632 4376        megasas - ok
23:30:23.0679 4376        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:30:23.0726 4376        MegaSR - ok
23:30:23.0773 4376        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:30:23.0851 4376        MMCSS - ok
23:30:23.0866 4376        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:30:23.0913 4376        Modem - ok
23:30:23.0960 4376        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:30:24.0007 4376        monitor - ok
23:30:24.0038 4376        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:30:24.0069 4376        mouclass - ok
23:30:24.0100 4376        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:30:24.0132 4376        mouhid - ok
23:30:24.0163 4376        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:30:24.0194 4376        mountmgr - ok
23:30:24.0256 4376        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:30:24.0288 4376        MozillaMaintenance - ok
23:30:24.0319 4376        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:30:24.0334 4376        mpio - ok
23:30:24.0350 4376        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:30:24.0381 4376        mpsdrv - ok
23:30:24.0444 4376        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:30:24.0506 4376        MpsSvc - ok
23:30:24.0553 4376        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:30:24.0600 4376        MRxDAV - ok
23:30:24.0646 4376        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:24.0693 4376        mrxsmb - ok
23:30:24.0740 4376        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:24.0787 4376        mrxsmb10 - ok
23:30:24.0802 4376        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:24.0834 4376        mrxsmb20 - ok
23:30:24.0849 4376        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:30:24.0880 4376        msahci - ok
23:30:24.0912 4376        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:30:24.0943 4376        msdsm - ok
23:30:24.0990 4376        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:30:25.0052 4376        MSDTC - ok
23:30:25.0083 4376        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:30:25.0130 4376        Msfs - ok
23:30:25.0177 4376        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:30:25.0208 4376        mshidkmdf - ok
23:30:25.0224 4376        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:30:25.0239 4376        msisadrv - ok
23:30:25.0270 4376        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:30:25.0317 4376        MSiSCSI - ok
23:30:25.0333 4376        msiserver - ok
23:30:25.0364 4376        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:30:25.0411 4376        MSKSSRV - ok
23:30:25.0411 4376        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:25.0473 4376        MSPCLOCK - ok
23:30:25.0489 4376        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:30:25.0536 4376        MSPQM - ok
23:30:25.0582 4376        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:30:25.0598 4376        MsRPC - ok
23:30:25.0629 4376        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:30:25.0645 4376        mssmbios - ok
23:30:25.0692 4376        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:30:25.0754 4376        MSTEE - ok
23:30:25.0754 4376        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:30:25.0785 4376        MTConfig - ok
23:30:25.0801 4376        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:30:25.0816 4376        Mup - ok
23:30:25.0848 4376        napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:30:25.0910 4376        napagent - ok
23:30:25.0957 4376        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:30:25.0988 4376        NativeWifiP - ok
23:30:26.0050 4376        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:30:26.0082 4376        NDIS - ok
23:30:26.0097 4376        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:30:26.0144 4376        NdisCap - ok
23:30:26.0175 4376        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:30:26.0222 4376        NdisTapi - ok
23:30:26.0253 4376        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:30:26.0331 4376        Ndisuio - ok
23:30:26.0347 4376        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:30:26.0394 4376        NdisWan - ok
23:30:26.0409 4376        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:30:26.0503 4376        NDProxy - ok
23:30:26.0565 4376        Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
23:30:26.0581 4376        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:30:26.0581 4376        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:30:30.0262 4376        Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
23:30:30.0294 4376        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:30:30.0294 4376        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:30:34.0927 4376        ServiceLayer    (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
23:30:34.0958 4376        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:30:34.0958 4376        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:30:45.0597 4376        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:30:46.0658 4376        \Device\Harddisk0\DR0 - ok
23:30:46.0689 4376        Boot (0x1200)  (426c4b802374b9498af654bce2ab51fb) \Device\Harddisk0\DR0\Partition0
23:30:46.0689 4376        \Device\Harddisk0\DR0\Partition0 - ok
23:30:46.0705 4376        Boot (0x1200)  (eb5c4824c9aefa017dd96aa4530e3813) \Device\Harddisk0\DR0\Partition1
23:30:46.0705 4376        \Device\Harddisk0\DR0\Partition1 - ok
23:30:46.0705 4376        ============================================================
23:30:46.0705 4376        Scan finished
23:30:46.0705 4376        ============================================================
23:30:46.0736 3832        Detected object count: 5
23:30:46.0736 3832        Actual detected object count: 5
23:31:22.0242 3832        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:22.0242 3832        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:22.0242 3832        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:22.0242 3832        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:22.0242 3832        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:22.0242 3832        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:22.0242 3832        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:22.0242 3832        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:22.0257 3832        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:22.0257 3832        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 12.06.2012 10:52

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

sanfran 12.06.2012 13:16

Combofix Logfile:
Code:

ComboFix 12-06-12.01 - Karolin 12.06.2012  13:57:01.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2811.1666 [GMT 2:00]
ausgeführt von:: c:\users\Karolin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karolin\4.0
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 12:04 . 2012-06-12 12:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-12 11:48 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF8A475D-50CD-417F-83ED-ACA1CD2DF992}\mpengine.dll
2012-06-11 15:04 . 2012-06-11 15:04        --------        d-----w-        c:\windows\system32\%LOCALAPPDATA%
2012-06-11 14:32 . 2012-06-11 14:32        --------        d-----w-        C:\_OTL
2012-06-11 09:48 . 2012-06-11 09:48        --------        d-----w-        c:\program files (x86)\ESET
2012-05-14 15:20 . 2012-03-03 06:29        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-14 15:20 . 2012-03-03 05:40        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-14 15:20 . 2012-03-03 06:29        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-05-14 15:20 . 2012-03-03 06:29        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-05-14 15:20 . 2012-03-03 06:29        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-05-14 15:20 . 2012-03-03 06:29        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-05-14 15:20 . 2012-03-03 05:40        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-05-14 15:20 . 2012-03-03 05:40        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-05-14 15:20 . 2012-03-03 05:40        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-05-14 15:20 . 2012-03-03 05:40        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-05-14 15:19 . 2012-04-02 05:34        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-14 15:19 . 2012-04-02 04:46        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-14 15:19 . 2012-04-02 03:01        3143680        ----a-w-        c:\windows\system32\win32k.sys
2012-05-14 15:19 . 2012-04-02 04:46        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-14 15:19 . 2012-03-17 07:55        75632        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-14 15:19 . 2012-03-30 11:09        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-14 15:19 . 2012-04-02 05:26        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-14 15:19 . 2012-04-02 05:24        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 15:19 . 2012-04-02 05:24        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-14 15:19 . 2012-04-02 05:24        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-14 15:19 . 2012-04-02 04:40        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2010-10-11 19:04        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-03 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-07-07 216064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-4-30 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-02-05 865824]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 135664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 17:10]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-05-05 206208]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-05 860192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Karolin\AppData\Roaming\Mozilla\Firefox\Profiles\rn7u4nmy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Schroedel Arbeitsblätter - c:\windows\ISUN0407.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  14:13:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 12:13
.
Vor Suchlauf: 7 Verzeichnis(se), 210.054.549.504 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 209.443.856.384 Bytes frei
.
- - End Of File - - 47A8B68F7E92CFD52332BC0507A29388

--- --- ---

cosinus 12.06.2012 13:55

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the 2nd attempt, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

sanfran 12.06.2012 16:24

I have now run all 3 scans.
Nothing was found with Gmer and no log file was created either.

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:44:39 on 12.06.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Karolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"PC Suite Tray" - "Nokia" - "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NortonOnlineBackupReminder" - "Symantec Corporation" - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"PDFPrint" - "Geek Software GmbH" - C:\Program Files (x86)\PDF24\pdf24.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\eMachines.scr

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 16:48:18
-----------------------------
16:48:18.059    OS Version: Windows x64 6.1.7600
16:48:18.059    Number of processors: 2 586 0x603
16:48:18.060    ComputerName: KAROLIN-PC  UserName: Karolin
16:48:19.290    Initialize success
16:51:26.785    AVAST engine defs: 12061200
16:52:10.738    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:52:10.742    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
16:52:10.761    Disk 0 MBR read successfully
16:52:10.767    Disk 0 MBR scan
16:52:10.778    Disk 0 Windows 7 default MBR code
16:52:10.782    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        14339 MB offset 63
16:52:10.802    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 29366820
16:52:10.816    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      290803 MB offset 29575665
16:52:10.870    Disk 0 scanning C:\Windows\system32\drivers
16:52:23.673    Service scanning
16:53:02.898    Modules scanning
16:53:02.917    Disk 0 trace - called modules:
16:53:02.963    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:53:02.977    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030e8790]
16:53:02.989    3 CLASSPNP.SYS[fffff8800190143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003097680]
16:53:04.026    AVAST engine scan C:\Windows
16:53:11.304    AVAST engine scan C:\Windows\system32
16:58:41.544    AVAST engine scan C:\Windows\system32\drivers
16:58:57.445    AVAST engine scan C:\Users\Karolin
17:13:00.968    AVAST engine scan C:\ProgramData
17:16:02.711    Scan finished successfully
17:20:32.037    Disk 0 MBR has been saved successfully to "C:\Users\Karolin\Desktop\Trojaner\MBR.dat"
17:20:32.042    The log file has been saved successfully to "C:\Users\Karolin\Desktop\Trojaner\aswMBR.txt"


cosinus 12.06.2012 21:25

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

sanfran 13.06.2012 18:56

Hello,
so here are the two log files now.

With SuperAntiSpyware I have not yet taken any action on the findings. Oh, and I noticed that your page with the instructions for SuperAntiSpyware is no longer quite up to date, because the program's graphical interface has been changed. I hope I ran the scan correctly anyway.
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/13/2012 at 07:48 PM

Application Version : 5.0.1150

Core Rules Database Version : 8726
Trace Rules Database Version: 6538

Scan type      : Complete Scan
Total Scan Time : 01:43:39

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 755
Memory threats detected  : 0
Registry items scanned    : 65498
Registry threats detected : 0
File items scanned        : 180276
File threats detected    : 466

Adware.Tracking Cookie
        dc.tremormedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        adserver.mvg-werbung.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        openx.mediatrust.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tracking.mindshare.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .youporn.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .youporn.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .porno.youporn.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .porno.youporn.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        de.youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        de.youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .mm.chitika.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .you-porn-sex.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .you-porn-sex.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ads.crakmedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.heisse-teenies.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        nl.youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        nl.youporn.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .ads20.wwe-media.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        delivery.atkmedia.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wmkycpd5mlp.stats.esomniture.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\KAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN7U4NMY.DEFAULT\COOKIES.SQLITE ]

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Karolin :: KAROLIN-PC [Administrator]

Schutz: Aktiviert

12.06.2012 23:21:03
mbam-log-2012-06-12 (23-21-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405642
Laufzeit: 1 Stunde(n), 17 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 13.06.2012 21:12

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores cookies from the sites I want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there still other findings or problems?
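
Added example, not part of the thread: a hosts file matches exact hostnames only (no wildcards), so this Python code checks which cookie hosts in a Firefox-style cookie store a hosts blocklist would actually sinkhole. The blocklist entries, the reduced `moz_cookies` schema, the sample cookies and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample in hosts-file format (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net    # inline comment
0.0.0.0     ad.yieldmanager.com
0.0.0.0     www.etracker.de
0.0.0.0     tracking.example.invalid
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return the set of hostnames that a hosts file points at a sink address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def build_sample_cookie_db():
    """In-memory stand-in for cookies.sqlite (assumption: reduced schema,
    only the name and host columns of moz_cookies are modelled)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, host TEXT)"
    )
    con.executemany(
        "INSERT INTO moz_cookies (name, host) VALUES (?, ?)",
        [   # constructed sample rows
            ("id", ".doubleclick.net"),       # domain cookie (leading dot)
            ("uid", "ad.yieldmanager.com"),   # host-only cookie
            ("et", "www.etracker.de"),
            ("et2", "www.etracker.de"),       # second cookie, same host
            ("rsi", ".revsci.net"),
            ("session", "www.trojaner-board.de"),
        ],
    )
    return con


def classify_cookie_host(host, blocked):
    """Classify one cookie host against the blocklist.

    blocked   : host-only cookie whose exact host is sinkholed
    partial   : domain cookie; some host at or below the domain is sinkholed,
                but other subdomains can still set and read the cookie
    unblocked : nothing in the blocklist covers it
    """
    host = host.lower()
    if host.startswith("."):
        domain = host[1:]
        covered = sorted(
            h for h in blocked if h == domain or h.endswith("." + domain)
        )
        return ("partial" if covered else "unblocked"), covered
    if host in blocked:
        return "blocked", [host]
    return "unblocked", []


def audit_cookies(con, blocked):
    """Group the distinct cookie hosts in moz_cookies by blocklist coverage."""
    report = {"blocked": [], "partial": [], "unblocked": []}
    query = "SELECT DISTINCT host FROM moz_cookies ORDER BY host"
    for (host,) in con.execute(query):
        status, _ = classify_cookie_host(host, blocked)
        report[status].append(host)
    return report


if __name__ == "__main__":
    result = audit_cookies(build_sample_cookie_db(), parse_hosts(SAMPLE_HOSTS))
    for status, hosts in result.items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

To audit a real profile, open a copy of `cookies.sqlite` with `sqlite3.connect()` while the browser is closed and pass the text of the downloaded hosts file to `parse_hosts`.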

sanfran 15.06.2012 17:56

Hey,
so I have now run McAfee and Malwarebytes again and found nothing. Before each run I pulled the latest updates.
I still have one question, though. I now still have 2 Trojan.Agent files in quarantine in Malwarebytes. You can find the log file here on page 1: the post from 10.06 at 22:08 and the file that is labelled 'Heute' (today). What do I do with the findings? Just leave them or delete them?
Thanks again for your excellent help :D!!!!!!

cosinus 15.06.2012 20:53

Just think about what a quarantine is. Whether the malicious file stays in there or not has no effect. Malware in quarantine can no longer do any harm; it is isolated there. As a rule you should work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.

sanfran 15.06.2012 23:20

Sure, you're right. But I just wasn't quite sure.
What about all the programs I downloaded? Can I uninstall them again, or should I rather keep them?

cosinus 15.06.2012 23:33

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords where possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.
