Trojaner-Board


smakr2 02.07.2012 22:38

My Security Shield
 
Hello everyone,

this evening my girlfriend called me in a bit of a panic: a virus scanner that she had not installed had opened on her PC. I then asked her to shut down the PC without clicking on anything.

So, having arrived here, I switched the PC back on, and on logging in a My Security Shield window opened. I was able to close the program right away, and Microsoft Essentials also found something.

Code:

Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente:
process:pid:2660

Online weitere Informationen zu diesem Element abrufen

Defogger Log
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:48 on 02/07/2012 (Franziska)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

First I ran OTL

Code:

OTL logfile created on: 03.07.2012 00:03:52 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Franziska\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,17% Memory free
7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 354,02 Gb Free Space | 78,64% Space Free | Partition Type: NTFS
 
Computer Name: FRANZISKA-PC | User Name: Franziska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 23:40:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.17 10:53:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009.08.21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.18 09:38:18 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 21:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 10:53:42 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.17 10:53:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.22 09:02:25 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.18 22:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.03.27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 21:58:12 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.14 16:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.21 08:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.06.26 22:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.24 23:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2007.06.28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://getkrafted.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:53:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 18:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.07 10:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:53:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 18:47:00 | 000,000,000 | ---D | M]
 
[2009.11.02 15:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Extensions
[2012.06.30 12:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Firefox\Profiles\dsa8pszz.default\extensions
[2011.12.20 11:10:13 | 000,000,933 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\11-suche.xml
[2011.12.20 11:10:13 | 000,002,419 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 11:10:13 | 000,010,525 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\gmx-suche.xml
[2011.12.20 11:10:13 | 000,002,457 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\lastminute.xml
[2011.12.20 11:10:13 | 000,005,508 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\webde-suche.xml
[2012.05.20 11:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.30 12:30:54 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\FRANZISKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSA8PSZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.17 10:53:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.09 11:49:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.16 19:08:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.16 19:08:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.16 19:08:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.16 19:08:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.16 19:08:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.16 19:08:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54AC65F4-F2D2-482E-A482-9F814060262B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell - "" = AutoRun
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 23:40:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
[2012.07.02 22:02:05 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Malwarebytes
[2012.07.02 22:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 22:02:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 22:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.18 17:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.18 17:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.18 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.18 17:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.18 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.06.18 17:16:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.08 19:21:32 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.07 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Thunderbird
[2012.06.07 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Local\Thunderbird
[2012.06.07 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 23:56:57 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 23:56:57 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 23:56:43 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.02 23:56:43 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.02 23:56:43 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.02 23:56:43 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.02 23:56:43 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.02 23:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 23:49:09 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.02 23:48:21 | 000,000,020 | ---- | M] () -- C:\Users\Franziska\defogger_reenable
[2012.07.02 23:40:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
[2012.07.02 23:39:38 | 000,050,477 | ---- | M] () -- C:\Users\Franziska\Desktop\Defogger.exe
[2012.07.02 19:44:25 | 000,314,368 | ---- | M] () -- C:\Users\Franziska\AppData\Local\axmmxmxca.exe
[2012.06.18 20:18:37 | 000,406,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.02 23:48:21 | 000,000,020 | ---- | C] () -- C:\Users\Franziska\defogger_reenable
[2012.07.02 23:39:37 | 000,050,477 | ---- | C] () -- C:\Users\Franziska\Desktop\Defogger.exe
[2012.07.02 19:44:25 | 000,314,368 | ---- | C] () -- C:\Users\Franziska\AppData\Local\axmmxmxca.exe
[2011.01.29 13:41:57 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.10 20:09:38 | 000,014,848 | ---- | C] () -- C:\Users\Franziska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.11.02 19:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Franziska\AppData\Roaming\.#
[2012.05.19 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\.purple
[2010.02.07 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\DAEMON Tools Lite
[2009.11.02 19:31:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\GameConsole
[2012.05.04 18:38:16 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\gtk-2.0
[2011.04.03 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\KeePass
[2009.11.06 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Miranda
[2011.10.17 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Mp3tag
[2009.11.02 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\OpenOffice.org
[2012.03.16 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PersBackup5
[2009.11.06 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PowerCinema
[2011.01.22 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SharePod
[2009.11.02 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SoftDMA
[2012.06.07 10:57:03 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Thunderbird
[2011.01.17 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\WindSolutions
[2012.05.15 16:36:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

< End of report >

Code:

OTL Extras logfile created on: 03.07.2012 00:03:52 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Franziska\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,17% Memory free
7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 354,02 Gb Free Space | 78,64% Space Free | Partition Type: NTFS
 
Computer Name: FRANZISKA-PC | User Name: Franziska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCAF9AA-34F0-41FD-86A7-FFD4386DEEDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1BF76B10-88D4-44E3-853E-CC7090CCD295}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D03A906-0147-4B67-B4A0-61025078185B}" = lport=138 | protocol=17 | dir=in | app=system |
"{244C3BED-FF54-4347-8364-E33A7EC00501}" = rport=10243 | protocol=6 | dir=out | app=system |
"{27239769-22CE-4A61-81AD-2A07D7C43A15}" = rport=139 | protocol=6 | dir=out | app=system |
"{2CAD0F15-1DC6-4F0E-A4F1-E47E4368FD9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4326AE37-5B41-48E2-83CC-0F1222254F17}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44BD00DE-A1A0-4E31-8AEB-DFE292E92B36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5100D03F-17B9-4E04-9A96-AF85345F7FD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5127335F-5FC8-4B22-B25C-0448B93AD5A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{551F8613-6C81-485B-922F-912EEF6020EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{57D075D7-72A8-4218-B35E-3FC8562A9D18}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B6B1DAC-C029-4C78-9FAA-C2D0630DA09E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9427F9B7-C26B-4E03-8834-D513C1AFEA39}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA5882EF-3296-4E29-8DD5-E0961D0F7DB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF91230F-EC17-4ADF-83A2-6ABC534106F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF997735-556E-4572-BAB3-9FB0E87AA9B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBDB7E42-37AB-4A9B-90D4-7FCD3F824A41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEF786F8-0248-4062-8248-567AE8E87606}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0D4439D-0523-4124-A3ED-BF03826A9EEB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4687B68-648C-43F7-90CA-D14EF60758DA}" = rport=445 | protocol=6 | dir=out | app=system |
"{CEDFFF78-71E8-4FF2-AF96-0874E3B9AF95}" = lport=139 | protocol=6 | dir=in | app=system |
"{E493B28B-9953-4B2B-930F-105E286A69FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE3B2121-6B70-44DC-8280-538FF6EF27E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F315DBD1-4AB0-4E01-89FE-33DE3CE91127}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022B0D71-A02F-4F4E-8B46-942C80EF763E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07AA7354-4718-4576-8EA4-55CB37DC0537}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{098C6020-A909-4A81-937B-A301EF3FEDB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A122C59-0AB4-4F98-BD9A-B557337E1059}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0A51EDF6-1F19-4EDC-93C6-28D303A14D97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24911101-DCB0-4C4F-8E87-BBC500CC4FFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C0C1039-5810-4AA8-A1BE-4B7D9E2EEE66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{393E61BA-36E8-4FF9-839C-D25DE9D1E5C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{39CA6369-8BBF-4F64-BA0C-862269D7C51F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{419F54CD-6E98-468D-B7AC-D3CB72E7AD48}" = protocol=6 | dir=out | app=system |
"{49141CF3-E6AC-4711-8A55-41301C649CD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{590A771B-3462-41C3-850E-099F1ABC6C50}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DED7AB2-4AF7-4762-8193-B5A6FD8F7697}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{66F7BB8E-46D3-4A94-940B-757A4F10FB60}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{6835DFFC-2FEA-4405-BE3F-F14B704BA202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73BDC5A4-C3B7-41D5-A704-A70B45BB57DA}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{746E3F65-84B5-4736-BEE1-9F2BE1A82B93}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{78E04F85-CAC2-4280-90EB-CD8C485C7CB1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7C3F9664-41D2-4C24-9A06-5C0BCFCADDFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F486232-5275-4D85-9DAB-E7A81EE76E4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B057B72-B20A-46A7-8E50-18C1162F2B26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9650A03D-7D36-4B69-8975-73341BA2F811}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{96979360-4E13-4F96-B0C2-03D23BE669F1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9ACBD464-14B9-48D3-AF4B-F6A50CA721AC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9D126ECD-31B5-48D2-A870-11F566E863EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9E0818E4-553A-4452-A463-A4B3A5E6ECAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EC42587-EF13-4DC1-9451-04FD9C22E61D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A80CA0FD-AF07-4D3E-B20C-3C02651AC3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB27103F-E442-4100-A777-FCCE43B7C1D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0080336-DA1A-441A-AF1E-1F7A70649D0A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B88EF606-F0C5-4344-AFC8-C855C9DE0CAE}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{C10344EB-9292-4350-8C88-A500802617DD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C42B89B9-0C33-47DF-9523-110935F537CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0F7BBE3-3A4A-4E2C-92A5-D3A0E8406A56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D323E3E3-8BD7-4A96-B0B0-A3F4CC0FE319}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5357411-BE5B-49F3-9176-99A55AE0AABB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E95520A0-4300-4E50-9BC5-653B3C219161}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{FC52F213-A410-4B98-871E-F52F514422F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FF963D44-9218-4852-8188-1DCD31875368}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{3A4FD351-9B8C-4ACB-B5A1-A9B8E0124003}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{74D6F38C-465A-4474-BB2F-B7AD1C0F851E}C:\program files (x86)\left4dead 2 2.0.0.2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left4dead 2 2.0.0.2\left4dead2.exe |
"TCP Query User{BED82F64-3CA9-4DF1-A38F-05FF0259391D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{CEE499BF-B4A2-4B55-986C-E76EF2D3860B}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{D38CEA9A-4216-4CE3-8412-FD7D4A190225}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{1FE147F5-1265-4D8F-A7AB-CAD29FC03989}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{2F8CD3CE-0670-4678-A853-9B00A357FF54}C:\program files (x86)\left4dead 2 2.0.0.2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left4dead 2 2.0.0.2\left4dead2.exe |
"UDP Query User{545127C7-3F0A-401C-93E0-09222290BA69}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{9A5DF899-8705-489B-81A4-2B4768A18724}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{A20C58C8-C76E-4A70-B77D-AABCC347B451}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"929413420CDE2F0C2C08C06E73FF16D9CB6C9807" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"Kyocera Product Library" = Kyocera Product Library
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A55871-A354-48CC-8549-F7719982F51A}" = Acer Arcade Instant On
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.19
"Left4Dead 2 2.0.0.2" = Left4Dead 2 2.0.0.2
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.9
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pidgin" = Pidgin
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 02:56:32 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (344) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000017304A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000000700    Cleanup: 1
 
Error - 01.07.2012 08:15:32 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (336) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000016004A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000000F48    Cleanup: 1
 
Error - 01.07.2012 08:16:46 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (336) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000016004A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000000F48    Cleanup: 1
 
Error - 01.07.2012 11:05:48 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.07.2012 10:24:27 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (364) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000014004A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000000FF0    Cleanup: 1
 
Error - 02.07.2012 10:30:02 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (364) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000014104A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000000FF0    Cleanup: 1
 
Error - 02.07.2012 13:16:34 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (340) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000010C04A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000001368    Cleanup: 1
 
Error - 02.07.2012 13:17:52 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (340) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000010C04A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x0000000000001368    Cleanup: 1
 
Error - 02.07.2012 14:09:16 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.07.2012 17:48:17 | Computer Name = Franziska-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (344) SUS20ClientDataStore: Der Versionsspeicher für Instanz
 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
 andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
 Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
 vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde
 Transaktion:    Sitzungs-ID: 0x00000000016404A0    Sitzungskontext: 0x00000000    Thread-ID
 des Sitzungskontextes: 0x00000000000002C8    Cleanup: 1
 
[ Media Center Events ]
Error - 30.06.2012 13:44:47 | Computer Name = Franziska-PC | Source = MCUpdate | ID = 0
Description = 19:44:47 - Fehler beim Herstellen der Internetverbindung.  19:44:47
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2012 13:44:56 | Computer Name = Franziska-PC | Source = MCUpdate | ID = 0
Description = 19:44:52 - Fehler beim Herstellen der Internetverbindung.  19:44:52
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2012 17:55:29 | Computer Name = Franziska-PC | Source = MCUpdate | ID = 0
Description = 23:55:28 - Fehler beim Herstellen der Internetverbindung.  23:55:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2012 17:55:38 | Computer Name = Franziska-PC | Source = MCUpdate | ID = 0
Description = 23:55:34 - Fehler beim Herstellen der Internetverbindung.  23:55:34
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 02.07.2012 16:01:17 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:02:01 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:02:01 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:02:01 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:03:23 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:03:23 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:03:23 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:07:05 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:07:05 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.07.2012 16:07:05 | Computer Name = Franziska-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

Then I started rkill. At first 3 identical windows open with the message "Installation fehlgeschlagen" ("Installation failed"), after that a console opens in which rkill runs, and it produces the following log

Code:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02.07.2012 at 22:29:50.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 02.07.2012 at 22:29:57.

After that I ran a full scan, with the following result

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Aktiviert

02.07.2012 22:31:32
mbam-log-2012-07-02 (23-32-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382638
Laufzeit: 1 Stunde(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Franziska\AppData\Local\axmmxmxca.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.

(Ende)

Many thanks in advance for the help

cosinus 04.07.2012 13:30

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for each scan are also listed in the log files tab ("Logdateien"). Please post all that are visible there.

smakr2 06.07.2012 07:44

Hello, I did scan once before, but aborted it because I had not yet run rkill. As requested, I am posting all the logs

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Deaktiviert

02.07.2012 22:03:43
mbam-log-2012-07-02 (22-03-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208975
Laufzeit: 3 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Aktiviert

02.07.2012 22:10:59
mbam-log-2012-07-02 (22-10-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 58345
Laufzeit: 12 Minute(n), 35 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Aktiviert

02.07.2012 22:31:32
mbam-log-2012-07-02 (22-31-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382638
Laufzeit: 1 Stunde(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Franziska\AppData\Local\axmmxmxca.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Aktiviert

03.07.2012 00:12:47
mbam-log-2012-07-03 (00-12-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209849
Laufzeit: 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 06.07.2012 10:24

Please run ESET as well, then we'll see what comes next.

Note: ESET does quite often show a few false positives. That is why, for ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => run as administrator
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are running a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

smakr2 06.07.2012 12:47

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d85266e1125b8a42aca412616fdede93
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 11:37:54
# local_time=2012-07-06 01:37:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 33786069 93198298 0 0
# compatibility_mode=8192 67108863 100 0 194 194 0 0
# scanned=167309
# found=1
# cleaned=0
# scan_time=6227
C:\Users\Franziska\AppData\Local\axmmxmxca.exe        a variant of Win32/Kryptik.AHTF trojan (unable to clean)        00000000000000000000000000000000        I


cosinus 06.07.2012 14:04

I have two questions before we continue

1.) Does the normal mode of Windows work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

smakr2 06.07.2012 14:21

1.) Yes, at least it looks that way
2.) No

cosinus 06.07.2012 14:47

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


smakr2 06.07.2012 15:17

Code:

OTL logfile created on: 06.07.2012 16:00:06 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Franziska\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,62% Memory free
7,93 Gb Paging File | 6,73 Gb Available in Paging File | 84,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 353,39 Gb Free Space | 78,50% Space Free | Partition Type: NTFS
 
Computer Name: FRANZISKA-PC | User Name: Franziska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.06 15:58:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.08.21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.18 09:38:18 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 21:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.17 10:53:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.22 09:02:25 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.18 22:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.03.27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.07 21:58:12 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.14 16:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.21 08:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.06.26 22:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.24 23:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2007.06.28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://getkrafted.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:53:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 18:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.07 10:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:53:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 18:47:00 | 000,000,000 | ---D | M]
 
[2009.11.02 15:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Extensions
[2012.07.06 08:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Firefox\Profiles\dsa8pszz.default\extensions
[2011.12.20 11:10:13 | 000,000,933 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\11-suche.xml
[2011.12.20 11:10:13 | 000,002,419 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 11:10:13 | 000,010,525 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\gmx-suche.xml
[2011.12.20 11:10:13 | 000,002,457 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\lastminute.xml
[2011.12.20 11:10:13 | 000,005,508 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\searchplugins\webde-suche.xml
[2012.05.20 11:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.06 08:41:13 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\FRANZISKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSA8PSZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.17 10:53:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.09 11:49:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.16 19:08:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.16 19:08:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.16 19:08:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.16 19:08:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.16 19:08:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.16 19:08:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1502092293-2306933415-2920850022-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54AC65F4-F2D2-482E-A482-9F814060262B}: DhcpNameServer = 81.173.194.69 81.173.194.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell - "" = AutoRun
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Symantec Fax Starter Edition-Anschluss.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Franziska^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 15:58:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
[2012.07.06 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.06 11:50:15 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Franziska\Desktop\esetsmartinstaller_enu.exe
[2012.07.02 22:02:05 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Malwarebytes
[2012.07.02 22:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 22:02:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 22:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.18 17:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.18 17:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.18 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.18 17:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.18 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.06.18 17:16:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.08 19:21:32 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.07 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Thunderbird
[2012.06.07 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Local\Thunderbird
[2012.06.07 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.06 16:04:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 16:04:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 15:58:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe
[2012.07.06 15:57:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.06 15:56:56 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.06 15:22:06 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.06 15:22:06 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.06 15:22:06 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.06 15:22:06 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.06 15:22:06 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.06 11:50:31 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Franziska\Desktop\esetsmartinstaller_enu.exe
[2012.07.02 23:48:21 | 000,000,020 | ---- | M] () -- C:\Users\Franziska\defogger_reenable
[2012.07.02 23:39:38 | 000,050,477 | ---- | M] () -- C:\Users\Franziska\Desktop\Defogger.exe
[2012.06.18 20:18:37 | 000,406,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.02 23:48:21 | 000,000,020 | ---- | C] () -- C:\Users\Franziska\defogger_reenable
[2012.07.02 23:39:37 | 000,050,477 | ---- | C] () -- C:\Users\Franziska\Desktop\Defogger.exe
[2011.01.29 13:41:57 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.10 20:09:38 | 000,014,848 | ---- | C] () -- C:\Users\Franziska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.11.02 19:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Franziska\AppData\Roaming\.#
[2012.05.19 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\.purple
[2010.02.07 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\DAEMON Tools Lite
[2009.11.02 19:31:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\GameConsole
[2012.05.04 18:38:16 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\gtk-2.0
[2011.04.03 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\KeePass
[2009.11.06 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Miranda
[2011.10.17 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Mp3tag
[2009.11.02 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\OpenOffice.org
[2012.03.16 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PersBackup5
[2009.11.06 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PowerCinema
[2011.01.22 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SharePod
[2009.11.02 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SoftDMA
[2012.06.07 10:57:03 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Thunderbird
[2011.01.17 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\WindSolutions
[2012.05.15 16:36:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.02 19:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Franziska\AppData\Roaming\.#
[2012.05.19 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\.purple
[2009.11.06 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Adobe
[2011.08.07 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Apple Computer
[2009.11.02 15:35:20 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\CyberLink
[2010.02.07 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\DAEMON Tools Lite
[2012.06.23 00:50:38 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\dvdcss
[2009.11.02 19:31:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\GameConsole
[2009.11.02 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Google
[2012.05.04 18:38:16 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\gtk-2.0
[2009.11.02 14:58:06 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Identities
[2011.04.03 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\KeePass
[2009.11.02 14:58:41 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Macromedia
[2012.07.02 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Media Center Programs
[2010.12.26 17:24:42 | 000,000,000 | --SD | M] -- C:\Users\Franziska\AppData\Roaming\Microsoft
[2009.11.02 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Microsoft Web Folders
[2009.11.06 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Miranda
[2009.11.02 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Mozilla
[2011.10.17 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Mp3tag
[2009.11.02 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\OpenOffice.org
[2012.03.16 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PersBackup5
[2009.11.06 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\PowerCinema
[2011.01.22 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SharePod
[2009.11.02 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\SoftDMA
[2012.06.07 10:57:03 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Thunderbird
[2012.06.23 02:23:54 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\vlc
[2011.08.08 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Winamp
[2011.01.17 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\WindSolutions
[2010.10.26 18:46:56 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX3\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX4\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX5\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX6\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX5\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Franziska\AppData\Local\Temp\RarSFX6\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

< End of report >


cosinus 08.07.2012 19:01

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
FF - prefs.js..browser.startup.homepage: "http://getkrafted.de"
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell - "" = AutoRun
O33 - MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009.11.02 19:31:30 | 000,000,000 | -HSD | M] -- C:\Users\Franziska\AppData\Roaming\.#
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
:Files
C:\Users\Franziska\AppData\Local\axmmxmxca.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

smakr2 09.07.2012 16:03

Code:

All processes killed
========== OTL ==========
Prefs.js: "hxxp://getkrafted.de" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f87430f-bb81-11df-bb56-00269e2eab17}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f87430f-bb81-11df-bb56-00269e2eab17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f87430f-bb81-11df-bb56-00269e2eab17}\ not found.
File D:\LaunchU3.exe -a not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Franziska\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Franziska\AppData\Local\axmmxmxca.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Franziska
->Temp folder emptied: 306600289 bytes
->Temporary Internet Files folder emptied: 132434541 bytes
->Java cache emptied: 24195830 bytes
->FireFox cache emptied: 69310443 bytes
->Flash cache emptied: 56149 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 14113 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366032886 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 4668388062 bytes
 
Total Files Cleaned = 5.309,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Franziska
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07092012_165348

Files\Folders moved on Reboot...
C:\Users\Franziska\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Franziska\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


cosinus 09.07.2012 18:33

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

smakr2 09.07.2012 19:09

Code:

# AdwCleaner v1.701 - Logfile created 07/09/2012 at 20:09:10
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Franziska - FRANZISKA-PC
# Running from : C:\Users\Franziska\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
[x64] Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[x64] Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2384 octets] - [09/07/2012 20:09:10]

########## EOF - C:\AdwCleaner[R1].txt - [2512 octets] ##########


cosinus 10.07.2012 09:40

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

smakr2 10.07.2012 15:30

Code:

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 16:27:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Franziska - FRANZISKA-PC
# Running from : C:\Users\Franziska\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2493 octets] - [09/07/2012 20:09:10]
AdwCleaner[R2].txt - [2553 octets] - [09/07/2012 20:10:16]
AdwCleaner[S1].txt - [1883 octets] - [10/07/2012 16:27:56]

########## EOF - C:\AdwCleaner[S1].txt - [2011 octets] ##########


cosinus 10.07.2012 21:05

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

smakr2 11.07.2012 07:47

Code:

08:40:36.0699 2516        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
08:40:36.0714 2516        ============================================================
08:40:36.0714 2516        Current date / time: 2012/07/11 08:40:36.0714
08:40:36.0714 2516        SystemInfo:
08:40:36.0714 2516       
08:40:36.0714 2516        OS Version: 6.1.7601 ServicePack: 1.0
08:40:36.0714 2516        Product type: Workstation
08:40:36.0730 2516        ComputerName: FRANZISKA-PC
08:40:36.0730 2516        UserName: Franziska
08:40:36.0730 2516        Windows directory: C:\Windows
08:40:36.0730 2516        System windows directory: C:\Windows
08:40:36.0730 2516        Running under WOW64
08:40:36.0730 2516        Processor architecture: Intel x64
08:40:36.0730 2516        Number of processors: 2
08:40:36.0730 2516        Page size: 0x1000
08:40:36.0730 2516        Boot type: Normal boot
08:40:36.0730 2516        ============================================================
08:40:37.0323 2516        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:40:37.0338 2516        Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:40:37.0338 2516        ============================================================
08:40:37.0338 2516        \Device\Harddisk0\DR0:
08:40:37.0338 2516        MBR partitions:
08:40:37.0338 2516        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F00800, BlocksNum 0x32000
08:40:37.0354 2516        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F33000, BlocksNum 0x38452800
08:40:37.0354 2516        \Device\Harddisk1\DR1:
08:40:37.0354 2516        MBR partitions:
08:40:37.0354 2516        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x890, BlocksNum 0xEEF770
08:40:37.0354 2516        ============================================================
08:40:37.0385 2516        C: <-> \Device\Harddisk0\DR0\Partition1
08:40:37.0385 2516        ============================================================
08:40:37.0385 2516        Initialize success
08:40:37.0385 2516        ============================================================
08:41:07.0587 1324        ============================================================
08:41:07.0587 1324        Scan started
08:41:07.0587 1324        Mode: Manual; SigCheck; TDLFS;
08:41:07.0587 1324        ============================================================
08:41:09.0178 1324        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:41:09.0334 1324        1394ohci - ok
08:41:09.0428 1324        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:41:09.0475 1324        ACPI - ok
08:41:09.0553 1324        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:41:09.0615 1324        AcpiPmi - ok
08:41:09.0740 1324        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:41:09.0818 1324        adp94xx - ok
08:41:09.0927 1324        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:41:09.0974 1324        adpahci - ok
08:41:10.0021 1324        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:41:10.0067 1324        adpu320 - ok
08:41:10.0177 1324        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:41:10.0333 1324        AeLookupSvc - ok
08:41:10.0457 1324        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:41:10.0567 1324        AFD - ok
08:41:10.0629 1324        AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
08:41:10.0691 1324        AgereModemAudio - ok
08:41:10.0879 1324        AgereSoftModem  (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
08:41:10.0957 1324        AgereSoftModem - ok
08:41:11.0035 1324        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:41:11.0066 1324        agp440 - ok
08:41:11.0097 1324        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:41:11.0144 1324        ALG - ok
08:41:11.0175 1324        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:41:11.0191 1324        aliide - ok
08:41:11.0206 1324        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:41:11.0222 1324        amdide - ok
08:41:11.0253 1324        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:41:11.0284 1324        AmdK8 - ok
08:41:11.0315 1324        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:41:11.0347 1324        AmdPPM - ok
08:41:11.0409 1324        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:41:11.0456 1324        amdsata - ok
08:41:11.0534 1324        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:41:11.0581 1324        amdsbs - ok
08:41:11.0596 1324        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:41:11.0612 1324        amdxata - ok
08:41:11.0659 1324        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:41:11.0752 1324        AppID - ok
08:41:11.0783 1324        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:41:11.0861 1324        AppIDSvc - ok
08:41:11.0939 1324        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:41:12.0064 1324        Appinfo - ok
08:41:12.0283 1324        Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:41:12.0298 1324        Apple Mobile Device - ok
08:41:12.0361 1324        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:41:12.0407 1324        arc - ok
08:41:12.0423 1324        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:41:12.0470 1324        arcsas - ok
08:41:12.0517 1324        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:41:12.0610 1324        AsyncMac - ok
08:41:12.0641 1324        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:41:12.0657 1324        atapi - ok
08:41:12.0797 1324        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:41:12.0938 1324        AudioEndpointBuilder - ok
08:41:12.0953 1324        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:41:13.0016 1324        AudioSrv - ok
08:41:13.0063 1324        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:41:13.0141 1324        AxInstSV - ok
08:41:13.0234 1324        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:41:13.0297 1324        b06bdrv - ok
08:41:13.0359 1324        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:41:13.0437 1324        b57nd60a - ok
08:41:13.0499 1324        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:41:13.0546 1324        BDESVC - ok
08:41:13.0577 1324        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:41:13.0640 1324        Beep - ok
08:41:13.0780 1324        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:41:13.0921 1324        BFE - ok
08:41:14.0123 1324        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:41:14.0279 1324        BITS - ok
08:41:14.0342 1324        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:41:14.0373 1324        blbdrive - ok
08:41:14.0529 1324        Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
08:41:14.0560 1324        Bonjour Service - ok
08:41:14.0623 1324        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:41:14.0654 1324        bowser - ok
08:41:14.0685 1324        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:41:14.0732 1324        BrFiltLo - ok
08:41:14.0763 1324        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:41:14.0779 1324        BrFiltUp - ok
08:41:14.0810 1324        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:41:14.0919 1324        Browser - ok
08:41:14.0981 1324        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:41:15.0059 1324        Brserid - ok
08:41:15.0075 1324        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:41:15.0137 1324        BrSerWdm - ok
08:41:15.0169 1324        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:41:15.0231 1324        BrUsbMdm - ok
08:41:15.0231 1324        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:41:15.0293 1324        BrUsbSer - ok
08:41:15.0309 1324        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:41:15.0403 1324        BTHMODEM - ok
08:41:15.0434 1324        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:41:15.0543 1324        bthserv - ok
08:41:15.0652 1324        btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
08:41:15.0699 1324        btwaudio - ok
08:41:15.0761 1324        btwavdt        (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
08:41:15.0793 1324        btwavdt - ok
08:41:15.0839 1324        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:41:15.0917 1324        cdfs - ok
08:41:15.0980 1324        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:41:16.0042 1324        cdrom - ok
08:41:16.0089 1324        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:41:16.0198 1324        CertPropSvc - ok
08:41:16.0245 1324        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:41:16.0276 1324        circlass - ok
08:41:16.0432 1324        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:41:16.0495 1324        CLFS - ok
08:41:16.0557 1324        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:41:16.0619 1324        clr_optimization_v2.0.50727_32 - ok
08:41:16.0697 1324        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:41:16.0760 1324        clr_optimization_v2.0.50727_64 - ok
08:41:16.0853 1324        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:41:16.0885 1324        clr_optimization_v4.0.30319_32 - ok
08:41:16.0931 1324        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:41:16.0978 1324        clr_optimization_v4.0.30319_64 - ok
08:41:17.0041 1324        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:41:17.0087 1324        CmBatt - ok
08:41:17.0134 1324        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:41:17.0165 1324        cmdide - ok
08:41:17.0321 1324        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:41:17.0415 1324        CNG - ok
08:41:17.0462 1324        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:41:17.0493 1324        Compbatt - ok
08:41:17.0571 1324        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:41:17.0696 1324        CompositeBus - ok
08:41:17.0711 1324        COMSysApp - ok
08:41:17.0727 1324        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:41:17.0743 1324        crcdisk - ok
08:41:17.0805 1324        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:41:17.0883 1324        CryptSvc - ok
08:41:17.0977 1324        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:41:18.0086 1324        DcomLaunch - ok
08:41:18.0179 1324        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:41:18.0273 1324        defragsvc - ok
08:41:18.0320 1324        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:41:18.0429 1324        DfsC - ok
08:41:18.0507 1324        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:41:18.0601 1324        Dhcp - ok
08:41:18.0616 1324        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:41:18.0725 1324        discache - ok
08:41:18.0757 1324        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:41:18.0788 1324        Disk - ok
08:41:19.0271 1324        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
08:41:19.0303 1324        DKbFltr - ok
08:41:19.0412 1324        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:41:19.0537 1324        Dnscache - ok
08:41:19.0599 1324        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:41:19.0724 1324        dot3svc - ok
08:41:19.0771 1324        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:41:19.0895 1324        DPS - ok
08:41:19.0927 1324        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:41:19.0958 1324        drmkaud - ok
08:41:20.0145 1324        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:41:20.0223 1324        DXGKrnl - ok
08:41:20.0254 1324        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:41:20.0317 1324        EapHost - ok
08:41:20.0925 1324        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:41:21.0081 1324        ebdrv - ok
08:41:21.0268 1324        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:41:21.0331 1324        EFS - ok
08:41:21.0549 1324        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:41:21.0627 1324        ehRecvr - ok
08:41:21.0705 1324        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:41:21.0767 1324        ehSched - ok
08:41:21.0908 1324        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:41:22.0001 1324        elxstor - ok
08:41:22.0267 1324        ePowerSvc      (c75ce2e262fee152f43c230d59f92dae) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
08:41:22.0313 1324        ePowerSvc - ok
08:41:22.0579 1324        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:41:22.0641 1324        ErrDev - ok
08:41:22.0750 1324        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:41:22.0844 1324        EventSystem - ok
08:41:22.0906 1324        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:41:23.0031 1324        exfat - ok
08:41:23.0093 1324        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:41:23.0218 1324        fastfat - ok
08:41:23.0374 1324        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:41:23.0468 1324        Fax - ok
08:41:23.0499 1324        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:41:23.0515 1324        fdc - ok
08:41:23.0561 1324        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:41:23.0655 1324        fdPHost - ok
08:41:23.0671 1324        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:41:23.0733 1324        FDResPub - ok
08:41:23.0764 1324        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:41:23.0795 1324        FileInfo - ok
08:41:23.0842 1324        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:41:23.0905 1324        Filetrace - ok
08:41:23.0951 1324        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:41:23.0967 1324        flpydisk - ok
08:41:24.0029 1324        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:41:24.0092 1324        FltMgr - ok
08:41:24.0279 1324        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:41:24.0404 1324        FontCache - ok
08:41:24.0544 1324        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:41:24.0591 1324        FontCache3.0.0.0 - ok
08:41:24.0622 1324        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:41:24.0653 1324        FsDepends - ok
08:41:24.0700 1324        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:41:24.0731 1324        Fs_Rec - ok
08:41:24.0794 1324        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:41:24.0841 1324        fvevol - ok
08:41:24.0872 1324        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:41:24.0887 1324        gagp30kx - ok
08:41:24.0965 1324        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:41:25.0012 1324        GEARAspiWDM - ok
08:41:25.0153 1324        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:41:25.0324 1324        gpsvc - ok
08:41:25.0558 1324        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
08:41:25.0605 1324        Greg_Service - ok
08:41:25.0667 1324        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:41:25.0714 1324        gusvc - ok
08:41:26.0011 1324        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
08:41:26.0042 1324        hamachi - ok
08:41:26.0447 1324        Hamachi2Svc    (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
08:41:26.0510 1324        Hamachi2Svc - ok
08:41:26.0759 1324        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:41:26.0791 1324        hcw85cir - ok
08:41:26.0884 1324        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:41:26.0978 1324        HdAudAddService - ok
08:41:27.0040 1324        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:41:27.0087 1324        HDAudBus - ok
08:41:27.0118 1324        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:41:27.0149 1324        HidBatt - ok
08:41:27.0181 1324        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:41:27.0243 1324        HidBth - ok
08:41:27.0305 1324        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:41:27.0352 1324        HidIr - ok
08:41:27.0383 1324        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:41:27.0477 1324        hidserv - ok
08:41:27.0555 1324        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:41:27.0586 1324        HidUsb - ok
08:41:27.0633 1324        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:41:27.0727 1324        hkmsvc - ok
08:41:27.0836 1324        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:41:27.0914 1324        HomeGroupListener - ok
08:41:27.0976 1324        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:41:28.0054 1324        HomeGroupProvider - ok
08:41:28.0117 1324        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:41:28.0163 1324        HpSAMD - ok
08:41:28.0319 1324        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:41:28.0429 1324        HTTP - ok
08:41:28.0460 1324        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:41:28.0475 1324        hwpolicy - ok
08:41:28.0569 1324        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:41:28.0600 1324        i8042prt - ok
08:41:28.0741 1324        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:41:28.0772 1324        IAANTMON - ok
08:41:28.0881 1324        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
08:41:28.0897 1324        iaStor - ok
08:41:28.0990 1324        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:41:29.0053 1324        iaStorV - ok
08:41:29.0333 1324        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:41:29.0411 1324        idsvc - ok
08:41:30.0394 1324        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:41:30.0628 1324        igfx - ok
08:41:30.0971 1324        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:41:31.0003 1324        iirsp - ok
08:41:31.0143 1324        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:41:31.0315 1324        IKEEXT - ok
08:41:31.0393 1324        int15.sys      (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
08:41:31.0424 1324        int15.sys - ok
08:41:31.0736 1324        IntcAzAudAddService (430aab6c09af99d5beb311795349e9dd) C:\Windows\system32\drivers\RTKVHD64.sys
08:41:31.0861 1324        IntcAzAudAddService - ok
08:41:32.0063 1324        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:41:32.0079 1324        intelide - ok
08:41:32.0141 1324        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:41:32.0173 1324        intelppm - ok
08:41:32.0219 1324        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:41:32.0329 1324        IPBusEnum - ok
08:41:32.0563 1324        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:41:32.0641 1324        IpFilterDriver - ok
08:41:32.0750 1324        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:41:32.0890 1324        iphlpsvc - ok
08:41:32.0937 1324        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:41:32.0984 1324        IPMIDRV - ok
08:41:33.0077 1324        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:41:33.0155 1324        IPNAT - ok
08:41:33.0358 1324        iPod Service    (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
08:41:33.0421 1324        iPod Service - ok
08:41:33.0452 1324        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:41:33.0499 1324        IRENUM - ok
08:41:33.0530 1324        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:41:33.0545 1324        isapnp - ok
08:41:33.0608 1324        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:41:33.0670 1324        iScsiPrt - ok
08:41:33.0717 1324        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:41:33.0748 1324        kbdclass - ok
08:41:33.0764 1324        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:41:33.0779 1324        kbdhid - ok
08:41:33.0826 1324        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:41:33.0842 1324        KeyIso - ok
08:41:33.0873 1324        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:41:33.0889 1324        KSecDD - ok
08:41:33.0935 1324        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:41:33.0982 1324        KSecPkg - ok
08:41:33.0998 1324        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:41:34.0091 1324        ksthunk - ok
08:41:34.0154 1324        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:41:34.0247 1324        KtmRm - ok
08:41:34.0294 1324        L1C            (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:41:34.0325 1324        L1C - ok
08:41:34.0388 1324        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:41:34.0481 1324        LanmanServer - ok
08:41:34.0513 1324        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:41:34.0622 1324        LanmanWorkstation - ok
08:41:34.0669 1324        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:41:34.0700 1324        lltdio - ok
08:41:34.0747 1324        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:41:34.0887 1324        lltdsvc - ok
08:41:34.0918 1324        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:41:34.0996 1324        lmhosts - ok
08:41:35.0043 1324        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:41:35.0105 1324        LSI_FC - ok
08:41:35.0152 1324        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:41:35.0183 1324        LSI_SAS - ok
08:41:35.0199 1324        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:41:35.0230 1324        LSI_SAS2 - ok
08:41:35.0261 1324        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:41:35.0308 1324        LSI_SCSI - ok
08:41:35.0339 1324        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:41:35.0449 1324        luafv - ok
08:41:35.0480 1324        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:41:35.0495 1324        MBAMProtector - ok
08:41:35.0698 1324        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:41:35.0761 1324        MBAMService - ok
08:41:35.0792 1324        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:41:35.0839 1324        Mcx2Svc - ok
08:41:35.0870 1324        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:41:35.0901 1324        megasas - ok
08:41:35.0963 1324        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:41:36.0010 1324        MegaSR - ok
08:41:36.0057 1324        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:41:36.0197 1324        MMCSS - ok
08:41:36.0229 1324        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:41:36.0291 1324        Modem - ok
08:41:36.0307 1324        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:41:36.0338 1324        monitor - ok
08:41:36.0400 1324        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:41:36.0431 1324        mouclass - ok
08:41:36.0478 1324        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:41:36.0525 1324        mouhid - ok
08:41:36.0572 1324        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:41:36.0619 1324        mountmgr - ok
08:41:36.0759 1324        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:41:36.0806 1324        MozillaMaintenance - ok
08:41:36.0884 1324        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
08:41:36.0946 1324        MpFilter - ok
08:41:36.0993 1324        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:41:37.0040 1324        mpio - ok
08:41:37.0071 1324        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:41:37.0149 1324        mpsdrv - ok
08:41:37.0289 1324        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:41:37.0399 1324        MpsSvc - ok
08:41:37.0445 1324        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:41:37.0523 1324        MRxDAV - ok
08:41:37.0601 1324        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:41:37.0695 1324        mrxsmb - ok
08:41:37.0820 1324        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:41:37.0882 1324        mrxsmb10 - ok
08:41:37.0945 1324        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:41:37.0991 1324        mrxsmb20 - ok
08:41:38.0038 1324        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:41:38.0069 1324        msahci - ok
08:41:38.0132 1324        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:41:38.0163 1324        msdsm - ok
08:41:38.0272 1324        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:41:38.0350 1324        MSDTC - ok
08:41:38.0444 1324        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:41:38.0522 1324        Msfs - ok
08:41:38.0553 1324        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:41:38.0678 1324        mshidkmdf - ok
08:41:38.0725 1324        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:41:38.0740 1324        msisadrv - ok
08:41:38.0803 1324        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:41:38.0865 1324        MSiSCSI - ok
08:41:38.0865 1324        msiserver - ok
08:41:38.0912 1324        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:41:38.0959 1324        MSKSSRV - ok
08:41:39.0068 1324        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:41:39.0099 1324        MsMpSvc - ok
08:41:39.0130 1324        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:41:39.0224 1324        MSPCLOCK - ok
08:41:39.0239 1324        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:41:39.0271 1324        MSPQM - ok
08:41:39.0395 1324        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:41:39.0442 1324        MsRPC - ok
08:41:39.0473 1324        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:41:39.0489 1324        mssmbios - ok
08:41:39.0520 1324        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:41:39.0583 1324        MSTEE - ok
08:41:39.0661 1324        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:41:39.0723 1324        MTConfig - ok
08:41:39.0770 1324        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:41:39.0785 1324        Mup - ok
08:41:39.0817 1324        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:41:39.0832 1324        mwlPSDFilter - ok
08:41:39.0848 1324        mwlPSDNServ    (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:41:39.0848 1324        mwlPSDNServ - ok
08:41:39.0910 1324        mwlPSDVDisk    (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:41:39.0941 1324        mwlPSDVDisk - ok
08:41:40.0129 1324        MWLService      (0f5faac852db4c340b7a2f187e3358b8) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
08:41:40.0160 1324        MWLService - ok
08:41:40.0238 1324        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:41:40.0363 1324        napagent - ok
08:41:40.0456 1324        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:41:40.0519 1324        NativeWifiP - ok
08:41:40.0675 1324        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:41:40.0768 1324        NDIS - ok
08:41:40.0815 1324        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:41:40.0909 1324        NdisCap - ok
08:41:40.0924 1324        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:41:40.0971 1324        NdisTapi - ok
08:41:41.0018 1324        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:41:41.0096 1324        Ndisuio - ok
08:41:41.0143 1324        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:41:41.0252 1324        NdisWan - ok
08:41:41.0299 1324        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:41:41.0377 1324        NDProxy - ok
08:41:41.0439 1324        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:41:41.0517 1324        NetBIOS - ok
08:41:41.0564 1324        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:41:41.0673 1324        NetBT - ok
08:41:41.0720 1324        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:41:41.0720 1324        Netlogon - ok
08:41:41.0782 1324        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:41:41.0891 1324        Netman - ok
08:41:41.0969 1324        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:41:42.0110 1324        netprofm - ok
08:41:42.0219 1324        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:41:42.0266 1324        NetTcpPortSharing - ok
08:41:43.0217 1324        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
08:41:43.0483 1324        NETw5s64 - ok
08:41:44.0309 1324        netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
08:41:44.0481 1324        netw5v64 - ok
08:41:44.0653 1324        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:41:44.0684 1324        nfrd960 - ok
08:41:44.0793 1324        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:41:44.0824 1324        NisDrv - ok
08:41:45.0043 1324        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
08:41:45.0121 1324        NisSrv - ok
08:41:45.0214 1324        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:41:45.0323 1324        NlaSvc - ok
08:41:45.0401 1324        nmwcdx64        (ad8c3895155ee8d057f073856b2d5851) C:\Windows\system32\drivers\nmwcdx64.sys
08:41:45.0495 1324        nmwcdx64 - ok
08:41:45.0526 1324        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:41:45.0573 1324        Npfs - ok
08:41:45.0589 1324        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:41:45.0682 1324        nsi - ok
08:41:45.0729 1324        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:41:45.0823 1324        nsiproxy - ok
08:41:46.0135 1324        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:41:46.0275 1324        Ntfs - ok
08:41:46.0400 1324        NTI IScheduleSvc (70e3eb0cef795d348f05e5a9b115f491) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
08:41:46.0415 1324        NTI IScheduleSvc - ok
08:41:46.0509 1324        NTIBackupSvc    (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
08:41:46.0540 1324        NTIBackupSvc - ok
08:41:46.0712 1324        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
08:41:46.0743 1324        NTIDrvr - ok
08:41:46.0821 1324        NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
08:41:46.0899 1324        NTISchedulerSvc - ok
08:41:46.0930 1324        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:41:47.0024 1324        Null - ok
08:41:47.0102 1324        nuvotoncir      (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
08:41:47.0180 1324        nuvotoncir - ok
08:41:47.0289 1324        NVHDA          (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
08:41:47.0320 1324        NVHDA - ok
08:41:49.0005 1324        nvlddmkm        (ccb87cbaf1b9c24b874ff10fc9e260f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:41:49.0348 1324        nvlddmkm - ok
08:41:49.0489 1324        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:41:49.0520 1324        nvraid - ok
08:41:49.0582 1324        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:41:49.0629 1324        nvstor - ok
08:41:49.0691 1324        nvsvc          (522b2ad8d62e3d5c82a745ad523f65fa) C:\Windows\system32\nvvsvc.exe
08:41:49.0738 1324        nvsvc - ok
08:41:49.0754 1324        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:41:49.0785 1324        nv_agp - ok
08:41:49.0832 1324        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:41:49.0894 1324        ohci1394 - ok
08:41:50.0019 1324        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:41:50.0050 1324        ose - ok
08:41:51.0688 1324        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:41:51.0829 1324        osppsvc - ok
08:41:52.0031 1324        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:41:52.0156 1324        p2pimsvc - ok
08:41:52.0265 1324        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:41:52.0328 1324        p2psvc - ok
08:41:52.0390 1324        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:41:52.0484 1324        Parport - ok
08:41:52.0515 1324        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:41:52.0546 1324        partmgr - ok
08:41:52.0624 1324        Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
08:41:52.0655 1324        Partner Service - ok
08:41:53.0014 1324        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:41:53.0108 1324        PcaSvc - ok
08:41:53.0389 1324        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:41:53.0451 1324        pci - ok
08:41:53.0451 1324        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:41:53.0467 1324        pciide - ok
08:41:53.0529 1324        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:41:53.0607 1324        pcmcia - ok
08:41:53.0623 1324        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:41:53.0638 1324        pcw - ok
08:41:53.0732 1324        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:41:53.0825 1324        PEAUTH - ok
08:41:54.0106 1324        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:41:54.0169 1324        PerfHost - ok
08:41:54.0512 1324        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:41:54.0637 1324        pla - ok
08:41:54.0746 1324        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:41:54.0793 1324        PlugPlay - ok
08:41:54.0839 1324        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:41:54.0902 1324        PNRPAutoReg - ok
08:41:54.0964 1324        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:41:55.0011 1324        PNRPsvc - ok
08:41:55.0120 1324        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:41:55.0276 1324        PolicyAgent - ok
08:41:55.0323 1324        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:41:55.0432 1324        Power - ok
08:41:55.0526 1324        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:41:55.0651 1324        PptpMiniport - ok
08:41:55.0682 1324        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:41:55.0744 1324        Processor - ok
08:41:55.0807 1324        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:41:55.0885 1324        ProfSvc - ok
08:41:55.0931 1324        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:41:55.0963 1324        ProtectedStorage - ok
08:41:56.0041 1324        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:41:56.0134 1324        Psched - ok
08:41:56.0477 1324        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:41:56.0571 1324        ql2300 - ok
08:41:56.0821 1324        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:41:56.0883 1324        ql40xx - ok
08:41:56.0992 1324        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:41:57.0039 1324        QWAVE - ok
08:41:57.0101 1324        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:41:57.0148 1324        QWAVEdrv - ok
08:41:57.0195 1324        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:41:57.0257 1324        RasAcd - ok
08:41:57.0304 1324        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:41:57.0351 1324        RasAgileVpn - ok
08:41:57.0382 1324        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:41:57.0429 1324        RasAuto - ok
08:41:57.0460 1324        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:41:57.0554 1324        Rasl2tp - ok
08:41:57.0647 1324        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:41:57.0772 1324        RasMan - ok
08:41:57.0803 1324        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:41:57.0850 1324        RasPppoe - ok
08:41:57.0881 1324        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:41:57.0944 1324        RasSstp - ok
08:41:57.0991 1324        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:41:58.0084 1324        rdbss - ok
08:41:58.0100 1324        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:41:58.0162 1324        rdpbus - ok
08:41:58.0193 1324        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:41:58.0287 1324        RDPCDD - ok
08:41:58.0334 1324        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:41:58.0427 1324        RDPENCDD - ok
08:41:58.0459 1324        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:41:58.0537 1324        RDPREFMP - ok
08:41:58.0599 1324        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:41:58.0661 1324        RDPWD - ok
08:41:58.0739 1324        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:41:58.0849 1324        rdyboost - ok
08:41:59.0005 1324        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:41:59.0145 1324        RemoteAccess - ok
08:41:59.0192 1324        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:41:59.0332 1324        RemoteRegistry - ok
08:41:59.0379 1324        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:41:59.0441 1324        RpcEptMapper - ok
08:41:59.0473 1324        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:41:59.0504 1324        RpcLocator - ok
08:41:59.0597 1324        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:41:59.0660 1324        RpcSs - ok
08:41:59.0691 1324        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:41:59.0785 1324        rspndr - ok
08:41:59.0878 1324        RSUSBSTOR      (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
08:41:59.0925 1324        RSUSBSTOR - ok
08:42:00.0050 1324        RS_Service      (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
08:42:00.0065 1324        RS_Service ( UnsignedFile.Multi.Generic ) - warning
08:42:00.0065 1324        RS_Service - detected UnsignedFile.Multi.Generic (1)
08:42:00.0175 1324        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:00.0206 1324        SamSs - ok
08:42:00.0253 1324        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:42:00.0299 1324        sbp2port - ok
08:42:00.0362 1324        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:42:00.0424 1324        SCardSvr - ok
08:42:00.0518 1324        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:42:00.0611 1324        scfilter - ok
08:42:00.0814 1324        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:42:00.0970 1324        Schedule - ok
08:42:01.0251 1324        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:01.0298 1324        SCPolicySvc - ok
08:42:01.0485 1324        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:42:01.0563 1324        SDRSVC - ok
08:42:01.0625 1324        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:42:01.0688 1324        secdrv - ok
08:42:01.0719 1324        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:42:01.0766 1324        seclogon - ok
08:42:01.0875 1324        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:42:01.0984 1324        SENS - ok
08:42:02.0015 1324        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:42:02.0047 1324        SensrSvc - ok
08:42:02.0093 1324        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:42:02.0125 1324        Serenum - ok
08:42:02.0156 1324        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:42:02.0218 1324        Serial - ok
08:42:02.0265 1324        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:42:02.0296 1324        sermouse - ok
08:42:02.0390 1324        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:42:02.0499 1324        SessionEnv - ok
08:42:02.0764 1324        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:42:02.0811 1324        sffdisk - ok
08:42:02.0827 1324        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:42:02.0858 1324        sffp_mmc - ok
08:42:02.0873 1324        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:42:02.0920 1324        sffp_sd - ok
08:42:02.0967 1324        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:42:03.0014 1324        sfloppy - ok
08:42:03.0092 1324        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:42:03.0201 1324        SharedAccess - ok
08:42:03.0357 1324        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:42:03.0466 1324        ShellHWDetection - ok
08:42:03.0513 1324        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:42:03.0529 1324        SiSRaid2 - ok
08:42:03.0544 1324        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:42:03.0560 1324        SiSRaid4 - ok
08:42:03.0591 1324        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:42:03.0685 1324        Smb - ok
08:42:03.0731 1324        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:42:03.0763 1324        SNMPTRAP - ok
08:42:03.0763 1324        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:42:03.0794 1324        spldr - ok
08:42:03.0872 1324        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:42:03.0950 1324        Spooler - ok
08:42:04.0558 1324        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:42:04.0777 1324        sppsvc - ok
08:42:05.0042 1324        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:42:05.0120 1324        sppuinotify - ok
08:42:05.0354 1324        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
08:42:05.0401 1324        sptd - ok
08:42:05.0541 1324        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:42:05.0603 1324        srv - ok
08:42:05.0713 1324        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:42:05.0775 1324        srv2 - ok
08:42:05.0853 1324        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:42:05.0900 1324        srvnet - ok
08:42:05.0962 1324        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:42:06.0071 1324        SSDPSRV - ok
08:42:06.0087 1324        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:42:06.0134 1324        SstpSvc - ok
08:42:06.0149 1324        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:42:06.0165 1324        stexstor - ok
08:42:06.0259 1324        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:42:06.0321 1324        stisvc - ok
08:42:06.0352 1324        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:42:06.0368 1324        swenum - ok
08:42:06.0446 1324        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:42:06.0602 1324        swprv - ok
08:42:06.0680 1324        SynTP          (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
08:42:06.0727 1324        SynTP - ok
08:42:06.0976 1324        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:42:07.0101 1324        SysMain - ok
08:42:07.0538 1324        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:42:07.0600 1324        TabletInputService - ok
08:42:07.0678 1324        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:42:07.0787 1324        TapiSrv - ok
08:42:07.0834 1324        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:42:07.0912 1324        TBS - ok
08:42:08.0271 1324        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:42:08.0365 1324        Tcpip - ok
08:42:09.0004 1324        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:42:09.0051 1324        TCPIP6 - ok
08:42:09.0363 1324        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:42:09.0472 1324        tcpipreg - ok
08:42:09.0550 1324        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:42:09.0581 1324        TDPIPE - ok
08:42:09.0613 1324        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:42:09.0644 1324        TDTCP - ok
08:42:09.0706 1324        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:42:09.0784 1324        tdx - ok
08:42:09.0815 1324        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:42:09.0831 1324        TermDD - ok
08:42:09.0971 1324        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:42:10.0096 1324        TermService - ok
08:42:10.0174 1324        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:42:10.0268 1324        Themes - ok
08:42:10.0315 1324        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:10.0346 1324        THREADORDER - ok
08:42:10.0424 1324        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:42:10.0549 1324        TrkWks - ok
08:42:10.0627 1324        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:42:10.0720 1324        TrustedInstaller - ok
08:42:10.0892 1324        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:42:10.0954 1324        tssecsrv - ok
08:42:11.0017 1324        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:42:11.0079 1324        TsUsbFlt - ok
08:42:11.0157 1324        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:42:11.0235 1324        tunnel - ok
08:42:11.0360 1324        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:42:11.0391 1324        uagp35 - ok
08:42:11.0438 1324        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
08:42:11.0453 1324        UBHelper - ok
08:42:11.0531 1324        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:42:11.0656 1324        udfs - ok
08:42:11.0734 1324        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:42:11.0781 1324        UI0Detect - ok
08:42:11.0828 1324        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:42:11.0859 1324        uliagpkx - ok
08:42:11.0906 1324        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:42:11.0937 1324        umbus - ok
08:42:11.0968 1324        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:42:11.0999 1324        UmPass - ok
08:42:12.0109 1324        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:42:12.0171 1324        Updater Service - ok
08:42:12.0280 1324        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:42:12.0421 1324        upnphost - ok
08:42:12.0483 1324        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:42:12.0514 1324        USBAAPL64 - ok
08:42:12.0577 1324        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:42:12.0623 1324        usbccgp - ok
08:42:12.0670 1324        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:42:12.0717 1324        usbcir - ok
08:42:12.0733 1324        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:42:12.0764 1324        usbehci - ok
08:42:12.0826 1324        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:42:12.0857 1324        usbhub - ok
08:42:12.0873 1324        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:42:12.0904 1324        usbohci - ok
08:42:12.0951 1324        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:42:12.0998 1324        usbprint - ok
08:42:13.0045 1324        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:42:13.0076 1324        USBSTOR - ok
08:42:13.0232 1324        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
08:42:13.0279 1324        usbuhci - ok
08:42:13.0341 1324        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:42:13.0372 1324        usbvideo - ok
08:42:13.0419 1324        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:42:13.0497 1324        UxSms - ok
08:42:13.0544 1324        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:13.0559 1324        VaultSvc - ok
08:42:13.0622 1324        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:42:13.0637 1324        vdrvroot - ok
08:42:13.0747 1324        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:42:13.0856 1324        vds - ok
08:42:13.0918 1324        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:42:13.0949 1324        vga - ok
08:42:13.0981 1324        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:42:14.0059 1324        VgaSave - ok
08:42:14.0105 1324        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:42:14.0168 1324        vhdmp - ok
08:42:14.0246 1324        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:42:14.0277 1324        viaide - ok
08:42:14.0308 1324        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:42:14.0324 1324        volmgr - ok
08:42:14.0417 1324        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:42:14.0480 1324        volmgrx - ok
08:42:14.0558 1324        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:42:14.0605 1324        volsnap - ok
08:42:14.0683 1324        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:42:14.0729 1324        vsmraid - ok
08:42:14.0979 1324        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:42:15.0166 1324        VSS - ok
08:42:15.0790 1324        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:42:15.0837 1324        vwifibus - ok
08:42:15.0884 1324        VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:42:15.0946 1324        VWiFiFlt - ok
08:42:15.0977 1324        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:42:16.0009 1324        vwifimp - ok
08:42:16.0040 1324        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:42:16.0102 1324        W32Time - ok
08:42:16.0118 1324        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:42:16.0133 1324        WacomPen - ok
08:42:16.0180 1324        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:16.0274 1324        WANARP - ok
08:42:16.0305 1324        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:16.0352 1324        Wanarpv6 - ok
08:42:16.0601 1324        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:42:16.0711 1324        wbengine - ok
08:42:17.0007 1324        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:42:17.0069 1324        WbioSrvc - ok
08:42:17.0132 1324        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:42:17.0225 1324        wcncsvc - ok
08:42:17.0288 1324        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:42:17.0303 1324        WcsPlugInService - ok
08:42:17.0631 1324        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:42:17.0662 1324        Wd - ok
08:42:17.0756 1324        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:42:17.0818 1324        Wdf01000 - ok
08:42:17.0927 1324        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:18.0021 1324        WdiServiceHost - ok
08:42:18.0021 1324        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:18.0052 1324        WdiSystemHost - ok
08:42:18.0099 1324        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:42:18.0177 1324        WebClient - ok
08:42:18.0224 1324        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:42:18.0333 1324        Wecsvc - ok
08:42:18.0380 1324        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:42:18.0489 1324        wercplsupport - ok
08:42:18.0520 1324        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:42:18.0583 1324        WerSvc - ok
08:42:18.0645 1324        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:42:18.0723 1324        WfpLwf - ok
08:42:18.0895 1324        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:42:18.0926 1324        WIMMount - ok
08:42:18.0973 1324        WinDefend - ok
08:42:18.0988 1324        WinHttpAutoProxySvc - ok
08:42:19.0316 1324        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:42:19.0409 1324        Winmgmt - ok
08:42:19.0971 1324        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:42:20.0111 1324        WinRM - ok
08:42:20.0642 1324        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:42:20.0704 1324        WinUsb - ok
08:42:20.0891 1324        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:42:21.0001 1324        Wlansvc - ok
08:42:21.0063 1324        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:42:21.0094 1324        WmiAcpi - ok
08:42:21.0250 1324        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:42:21.0313 1324        wmiApSrv - ok
08:42:21.0391 1324        WMPNetworkSvc - ok
08:42:21.0422 1324        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:42:21.0453 1324        WPCSvc - ok
08:42:21.0484 1324        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:42:21.0562 1324        WPDBusEnum - ok
08:42:21.0578 1324        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:42:21.0625 1324        ws2ifsl - ok
08:42:21.0640 1324        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:42:21.0671 1324        wscsvc - ok
08:42:21.0687 1324        WSearch - ok
08:42:22.0077 1324        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:42:22.0217 1324        wuauserv - ok
08:42:22.0451 1324        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:42:22.0576 1324        WudfPf - ok
08:42:22.0607 1324        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:42:22.0685 1324        WUDFRd - ok
08:42:22.0732 1324        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:42:22.0841 1324        wudfsvc - ok
08:42:22.0888 1324        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:42:23.0013 1324        WwanSvc - ok
08:42:23.0075 1324        MBR (0x1B8)    (9c51d3fd2697bd2ae931be1d6f1e6ffa) \Device\Harddisk0\DR0
08:42:24.0199 1324        \Device\Harddisk0\DR0 - ok
08:42:24.0199 1324        MBR (0x1B8)    (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
08:42:24.0511 1324        \Device\Harddisk1\DR1 - ok
08:42:24.0542 1324        Boot (0x1200)  (daceddfdaee71d5d0819f57847557ae5) \Device\Harddisk0\DR0\Partition0
08:42:24.0542 1324        \Device\Harddisk0\DR0\Partition0 - ok
08:42:24.0635 1324        Boot (0x1200)  (a0df840d95c02d1fdb0a98d5ce412c4c) \Device\Harddisk0\DR0\Partition1
08:42:24.0635 1324        \Device\Harddisk0\DR0\Partition1 - ok
08:42:24.0651 1324        Boot (0x1200)  (9d6623ead07ce47db978ce890466a6f4) \Device\Harddisk1\DR1\Partition0
08:42:24.0651 1324        \Device\Harddisk1\DR1\Partition0 - ok
08:42:24.0651 1324        ============================================================
08:42:24.0651 1324        Scan finished
08:42:24.0651 1324        ============================================================
08:42:24.0698 3644        Detected object count: 1
08:42:24.0698 3644        Actual detected object count: 1
08:42:47.0723 3644        RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:47.0723 3644        RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:43:55.0272 2884        Deinitialize success


cosinus 11.07.2012 10:38

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

smakr2 12.07.2012 09:49

Code:

ComboFix 12-07-11.03 - Franziska 12.07.2012  10:29:43.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4061.2729 [GMT 2:00]
ausgeführt von:: c:\users\Franziska\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-09 14:53 . 2012-07-09 14:53        --------        d-----w-        C:\_OTL
2012-07-06 11:48 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{697579CE-8E87-4A34-8F40-34484A9691E0}\mpengine.dll
2012-07-06 09:50 . 2012-07-06 09:50        --------        d-----w-        c:\program files (x86)\ESET
2012-07-06 06:46 . 2012-02-12 13:23        927800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48314FB4-5276-4D1F-80B8-1226075DBE11}\gapaengine.dll
2012-07-02 22:01 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-02 20:02 . 2012-07-02 20:02        --------        d-----w-        c:\users\Franziska\AppData\Roaming\Malwarebytes
2012-07-02 20:02 . 2012-07-02 20:02        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 20:02 . 2012-07-02 20:02        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 20:02 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-30 18:59 . 2012-06-30 18:59        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-28 15:15 . 2012-06-28 15:15        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-06-27 16:22 . 2012-06-27 16:22        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-27 16:22 . 2012-06-27 16:22        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-22 22:46 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 22:46 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 22:46 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 22:46 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 22:46 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 22:46 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 22:46 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 22:45 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 22:45 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-18 15:19 . 2012-06-18 15:19        --------        d-----w-        c:\windows\PCHEALTH
2012-06-18 15:17 . 2012-06-18 15:17        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
2012-06-18 15:16 . 2012-06-18 15:16        --------        d-----r-        C:\MSOCache
2012-06-13 15:38 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 19:00 . 2009-11-02 17:39        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-30 18:59 . 2009-11-04 21:56        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-27 16:22 . 2009-11-02 17:39        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [2007-06-28 173056]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-08-22 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-07 834544]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-18 796192]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 48128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-18 496160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-26 16369768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5739g&r=273611092716l0353z166t47m4y890
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Franziska\AppData\Roaming\Mozilla\Firefox\Profiles\dsa8pszz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Left4Dead 2 2.0.0.2 - c:\program files (x86)\Left4Dead 2 2.0.0.2\Uninstall-Left4Dead2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12  10:42:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-12 08:42
.
Vor Suchlauf: 15 Verzeichnis(se), 385.673.760.768 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 385.160.556.544 Bytes frei
.
- - End Of File - - 1D9C9C658F83786A179B7EA82B7E58E0


cosinus 12.07.2012 13:11

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

smakr2 12.07.2012 16:10

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-12 15:01:22
Windows 6.1.7601 Service Pack 1
Running: qtut8f65.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x3F 0x2B 0xA7 0x12 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xF1 0xF9 0x11 0xBA ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD6 0x77 0x44 0x79 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer                                              81.173.194.69 81.173.194.77
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x3F 0x2B 0xA7 0x12 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xF1 0xF9 0x11 0xBA ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD6 0x77 0x44 0x79 ...

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:07:43 on 12.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15.sys" (int15.sys) - "Acer, Inc." - C:\Windows\System32\OEM\Factory\int15.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"PlayMovie" - "Acer Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJL64.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Partner Service" (Partner Service) - "Google Inc." - C:\ProgramData\Partner\Partner.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 16:18:43
-----------------------------
16:18:43.937    OS Version: Windows x64 6.1.7601 Service Pack 1
16:18:43.937    Number of processors: 2 586 0x170A
16:18:43.937    ComputerName: FRANZISKA-PC  UserName: Franziska
16:18:45.435    Initialize success
16:18:50.131    AVAST engine defs: 12071200
16:19:21.939    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:19:21.939    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:19:21.970    Disk 0 MBR read successfully
16:19:21.970    Disk 0 MBR scan
16:19:21.970    Disk 0 unknown MBR code
16:19:21.986    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
16:19:22.001    Disk 0 Partition 2 00    12  Compaq diag NTFS        3584 MB offset 25167872
16:19:22.017    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32507904
16:19:22.033    Disk 0 Partition - 00    0F Extended LBA            460966 MB offset 32712704
16:19:22.048    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      460965 MB offset 32714752
16:19:22.064    Disk 0 scanning C:\Windows\system32\drivers
16:19:32.843    Service scanning
16:19:57.133    Modules scanning
16:19:57.648    Disk 0 trace - called modules:
16:19:57.679    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:19:57.694    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057ae060]
16:19:57.710    3 CLASSPNP.SYS[fffff88001bab43f] -> nt!IofCallDriver -> [0xfffffa8003cf1e40]
16:19:57.726    5 ACPI.sys[fffff88000fa37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046a4050]
16:19:57.741    Scan finished successfully
17:08:29.174    Disk 0 MBR has been saved successfully to "C:\Users\Franziska\Desktop\MBR.dat"
17:08:29.190    The log file has been saved successfully to "C:\Users\Franziska\Desktop\aswMBR.txt"


cosinus 12.07.2012 18:47

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also don't do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs

Once the data is backed up, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

smakr2 12.07.2012 19:43

Hello,

so you suspect that something is hiding in the MBR?

Wouldn't it then be more advisable to wipe everything after backing up the files?

cosinus 12.07.2012 21:00

No, I don't suspect that, it's just a precaution
And you make the data backup in case something goes wrong with the MBR fix
Why do you want to wipe everything now?

smakr2 13.07.2012 09:31

Hi,

because I thought that with an infection of the MBR, people say it's better to reinstall.

Okay, then I'll back up the data. Is there a proper procedure for this so that I don't catch anything on the external drive?

cosinus 13.07.2012 19:42

Quote:

because I thought that with an infection of the MBR, people say it's better to reinstall.
Who says that? You shouldn't believe everything that gets blathered at the pub or wherever
If you want to take it that way, you can reinstall at every little fart, or format preventively every day right away because something could be on there

smakr2 15.07.2012 16:22

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 17:17:20
-----------------------------
17:17:20.741    OS Version: Windows x64 6.1.7601 Service Pack 1
17:17:20.741    Number of processors: 2 586 0x170A
17:17:20.741    ComputerName: FRANZISKA-PC  UserName: Franziska
17:17:22.317    Initialize success
17:17:28.791    AVAST engine defs: 12071200
17:17:33.612    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:17:33.627    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:17:33.658    Disk 0 MBR read successfully
17:17:33.674    Disk 0 MBR scan
17:17:33.674    Disk 0 Windows 7 default MBR code
17:17:33.690    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
17:17:33.736    Disk 0 Partition 2 00    12  Compaq diag NTFS        3584 MB offset 25167872
17:17:33.752    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32507904
17:17:33.768    Disk 0 Partition - 00    0F Extended LBA            460966 MB offset 32712704
17:17:33.799    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      460965 MB offset 32714752
17:17:33.814    Disk 0 scanning C:\Windows\system32\drivers
17:17:46.060    Service scanning
17:18:12.050    Modules scanning
17:18:12.066    Disk 0 trace - called modules:
17:18:12.112    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:18:12.128    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057ab3c0]
17:18:12.144    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80046998a0]
17:18:12.159    5 ACPI.sys[fffff88000ef97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046a4050]
17:18:12.175    Scan finished successfully
17:19:31.485    Disk 0 MBR has been saved successfully to "C:\Users\Franziska\Desktop\MBR.dat"
17:19:31.485    The log file has been saved successfully to "C:\Users\Franziska\Desktop\aswMBR2.txt"


cosinus 15.07.2012 18:26

Rewriting the MBR is about the easiest part of the cleanup. The other malware, in files that "hide" somewhere or are hooked in via a rootkit, is much harder to find and remove.
The MBR is always uniform: it is always the first sector of a hard disk and is always a constant 512 bytes large, or rather small ;)

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
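
Added example, not part of cosinus's post and not aswMBR's own code: a Python parser for a 512-byte MBR dump such as the MBR.dat that aswMBR saved, listing the four partition-table entries and hashing the boot code for comparison against a known-good baseline. The function names are hypothetical, and the sample sector is constructed from the partition lines in the aswMBR log above, with zero-filled boot code instead of real Windows 7 code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code area; the disk signature follows at 440
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

# Type IDs that appear in the aswMBR log, with the names that log prints.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA",
              0x12: "Compaq diag", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        entries.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def boot_code_sha256(sector):
    """Hash only the bootstrap code, so it can be compared with a clean baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def find_anomalies(entries):
    """Structural checks on the partition table; an empty list means nothing stood out."""
    problems = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            problems.append("slot %d: invalid status byte 0x%02X" % (e["slot"], e["status"]))
    if sum(1 for e in entries if e["active"]) > 1:
        problems.append("more than one active partition")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            problems.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    return problems


def build_sample_mbr():
    """Constructed sample: (status, type, start offset, size in MB) per the aswMBR log."""
    layout = [
        (0x00, 0x27, 2048, 12288),
        (0x00, 0x12, 25167872, 3584),
        (0x80, 0x07, 32507904, 100),      # the active (A) partition
        (0x00, 0x0F, 32712704, 460966),   # extended container; "Partition 4" lives inside it
    ]
    sector = bytearray(SECTOR_SIZE)       # boot code left as zeros (constructed)
    for index, (status, ptype, lba, size_mb) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * index,
                         status, ptype, lba, size_mb * 2048)  # 2048 sectors per MB
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for e in parse_mbr(mbr):
        flag = "(A)" if e["active"] else "   "
        print("Partition %d %s %02X %-18s %7d MB offset %d" % (
            e["slot"], flag, e["type"], e["type_name"], e["size_mb"], e["lba_start"]))
    print("boot code sha256:", boot_code_sha256(mbr))
    print("anomalies:", find_anomalies(parse_mbr(mbr)) or "none")
```
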

smakr2 15.07.2012 20:08

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

15.07.2012 21:03:48
mbam-log-2012-07-15 (21-03-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211089
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2012 at 09:21 PM

Application Version : 5.5.1006

Core Rules Database Version : 8902
Trace Rules Database Version: 6714

Scan type      : Quick Scan
Total Scan Time : 00:06:32

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 623
Memory threats detected  : 0
Registry items scanned    : 54322
Registry threats detected : 0
File items scanned        : 12453
File threats detected    : 216

Adware.Tracking Cookie


cosinus 15.07.2012 20:39

Those were not full scans! Neither with SASW nor with Malwarebytes!

smakr2 15.07.2012 23:48

I hadn't been paying attention. So once more from the start

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franziska :: FRANZISKA-PC [Administrator]

Schutz: Aktiviert

15.07.2012 22:02:52
mbam-log-2012-07-15 (22-02-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360582
Laufzeit: 51 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/16/2012 at 00:46 AM

Application Version : 5.5.1006

Core Rules Database Version : 8902
Trace Rules Database Version: 6714

Scan type      : Complete Scan
Total Scan Time : 01:49:25

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 525
Memory threats detected  : 0
Registry items scanned    : 66012
Registry threats detected : 0
File items scanned        : 150772
File threats detected    : 219

Adware.Tracking Cookie

Trojan.Agent/Gen-Yoddos
        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX


cosinus 16.07.2012 16:01

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)


About cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

My approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want, I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system OK again now, or are there any other detections or problems?
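For triaging a SUPERAntiSpyware log like the one posted above, the following added example (not part of the thread and not code from any of the tools used) separates tracking-cookie entries from every other finding and checks the parsed count against the log's own "File threats detected" total. The sample log is constructed in the layout of the posted one, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the posted SUPERAntiSpyware log:
# a category name at column 0, then indented entries of the form
# "<path> [ <cookie> ]", "<domain> [ <path> ]" or a bare "<path>".
SAMPLE_LOG = r"""
File threats detected    : 6

Adware.Tracking Cookie
        C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Cookies\franziska@doubleclick[1].txt [ /doubleclick ]
        C:\USERS\FRANZISKA\Cookies\franziska@doubleclick[1].txt [ Cookie:franziska@doubleclick.net/ ]
        .2o7.net [ C:\USERS\FRANZISKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSA8PSZZ.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\FRANZISKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSA8PSZZ.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\FRANZISKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSA8PSZZ.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Yoddos
        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
"""

ENTRY = re.compile(r"^(?P<item>.+?)\s+\[ (?P<detail>.+?) \]$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
SUMMARY = re.compile(r"^File threats detected\s*:\s*(\d+)$")


def parse_findings(text):
    """Return (declared_count, {category: [(path, label), ...]})."""
    declared, category, findings = None, None, {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        line = raw.strip()
        if not raw[0].isspace():
            # Unindented line: summary counter, header text or category name.
            # Header lines never get entries, so they drop out on their own.
            m = SUMMARY.match(line)
            if m:
                declared = int(m.group(1))
            category = line
            continue
        m = ENTRY.match(line)
        item, detail = (m.group("item"), m.group("detail")) if m else (line, "")
        # Either side of the brackets can be the file path.
        path, label = (item, detail) if WIN_PATH.match(item) else (detail, item)
        findings.setdefault(category, []).append((path, label))
    return declared, findings


def in_cookie_store(path):
    """True for IE cookie folders and the Firefox cookies.sqlite database."""
    p = path.upper()
    return "\\COOKIES\\" in p or p.endswith("\\COOKIES.SQLITE")


def cookie_domain(label):
    """Normalise '/doubleclick', 'Cookie:user@host/' and '.host' labels."""
    d = label.lower()
    if d.startswith("cookie:"):
        d = d[len("cookie:"):]
    return d.rsplit("@", 1)[-1].strip("/.")


def triage(text):
    declared, findings = parse_findings(text)
    cookies, review = Counter(), []
    for category, entries in findings.items():
        for path, label in entries:
            if "cookie" in (category or "").lower() and in_cookie_store(path):
                cookies[cookie_domain(label)] += 1
            else:
                # Anything that is not a cookie in a cookie store is listed
                # individually so it can be checked by hand.
                review.append((category, path))
    parsed = sum(cookies.values()) + len(review)
    return {
        "declared": declared,
        "parsed": parsed,
        "complete": declared == parsed,  # False if the paste was truncated
        "cookie_domains": cookies,
        "needs_review": review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("declared/parsed:", result["declared"], result["parsed"])
    for domain, count in result["cookie_domains"].most_common():
        print(f"cookie  {count:3d}  {domain}")
    for category, path in result["needs_review"]:
        print(f"review  {category}  {path}")
```
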

smakr2 16.07.2012 18:42

The system seems to be OK.

With the cookies, don't forget that this is my girlfriend's PC; I handle it on mine much like you do. Well, maybe I'll install the plugin you mentioned for her.

Thanks again for your help

cosinus 17.07.2012 10:17

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools:

Please start OTL and click Bereinigung.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

smakr2 17.07.2012 10:54

All right, thank you very much for the competent help



Copyright ©2000-2025, Trojaner-Board

