Trojaner-Board
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner TR/Crypt.XPACK.Gen (https://www.trojaner-board.de/119995-trojaner-tr-crypt-xpack-gen.html)

Don_Camillo 30.07.2012 17:32
Hier ist das Log:

Code:
18:28:40.0249 4860        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:28:40.0467 4860        ============================================================
18:28:40.0467 4860        Current date / time: 2012/07/30 18:28:40.0467
18:28:40.0467 4860        SystemInfo:
18:28:40.0467 4860       
18:28:40.0467 4860        OS Version: 6.1.7601 ServicePack: 1.0
18:28:40.0467 4860        Product type: Workstation
18:28:40.0467 4860        ComputerName: MARKUS-PC
18:28:40.0467 4860        UserName: Markus
18:28:40.0467 4860        Windows directory: D:\Windows
18:28:40.0467 4860        System windows directory: D:\Windows
18:28:40.0467 4860        Processor architecture: Intel x86
18:28:40.0467 4860        Number of processors: 2
18:28:40.0467 4860        Page size: 0x1000
18:28:40.0467 4860        Boot type: Normal boot
18:28:40.0467 4860        ============================================================
18:28:41.0091 4860        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:28:41.0107 4860        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:41.0216 4860        ============================================================
18:28:41.0216 4860        \Device\Harddisk0\DR0:
18:28:41.0232 4860        MBR partitions:
18:28:41.0232 4860        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:28:41.0232 4860        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
18:28:41.0232 4860        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x109C4800
18:28:41.0232 4860        \Device\Harddisk1\DR1:
18:28:41.0232 4860        MBR partitions:
18:28:41.0232 4860        ============================================================
18:28:41.0247 4860        C: <-> \Device\Harddisk0\DR0\Partition1
18:28:41.0294 4860        D: <-> \Device\Harddisk0\DR0\Partition2
18:28:41.0310 4860        Q: <-> \Device\Harddisk0\DR0\Partition0
18:28:41.0310 4860        ============================================================
18:28:41.0310 4860        Initialize success
18:28:41.0310 4860        ============================================================
18:28:52.0152 2744        ============================================================
18:28:52.0152 2744        Scan started
18:28:52.0152 2744        Mode: Manual; SigCheck; TDLFS;
18:28:52.0152 2744        ============================================================
18:28:53.0462 2744        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) D:\Windows\system32\drivers\1394ohci.sys
18:28:53.0587 2744        1394ohci - ok
18:28:53.0618 2744        ACPI            (cea80c80bed809aa0da6febc04733349) D:\Windows\system32\drivers\ACPI.sys
18:28:53.0634 2744        ACPI - ok
18:28:53.0649 2744        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) D:\Windows\system32\drivers\acpipmi.sys
18:28:53.0712 2744        AcpiPmi - ok
18:28:53.0805 2744        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:28:53.0821 2744        AdobeARMservice - ok
18:28:53.0899 2744        AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:28:53.0914 2744        AdobeFlashPlayerUpdateSvc - ok
18:28:53.0961 2744        adp94xx        (21e785ebd7dc90a06391141aac7892fb) D:\Windows\system32\DRIVERS\adp94xx.sys
18:28:53.0992 2744        adp94xx - ok
18:28:54.0008 2744        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) D:\Windows\system32\DRIVERS\adpahci.sys
18:28:54.0024 2744        adpahci - ok
18:28:54.0039 2744        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) D:\Windows\system32\DRIVERS\adpu320.sys
18:28:54.0055 2744        adpu320 - ok
18:28:54.0086 2744        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) D:\Windows\System32\aelupsvc.dll
18:28:54.0148 2744        AeLookupSvc - ok
18:28:54.0195 2744        AFD            (9ebbba55060f786f0fcaa3893bfa2806) D:\Windows\system32\drivers\afd.sys
18:28:54.0258 2744        AFD - ok
18:28:54.0289 2744        agp440          (507812c3054c21cef746b6ee3d04dd6e) D:\Windows\system32\drivers\agp440.sys
18:28:54.0304 2744        agp440 - ok
18:28:54.0336 2744        aic78xx        (8b30250d573a8f6b4bd23195160d8707) D:\Windows\system32\DRIVERS\djsvs.sys
18:28:54.0351 2744        aic78xx - ok
18:28:54.0382 2744        ALG            (18a54e132947cd98fea9accc57f98f13) D:\Windows\System32\alg.exe
18:28:54.0460 2744        ALG - ok
18:28:54.0476 2744        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) D:\Windows\system32\drivers\aliide.sys
18:28:54.0492 2744        aliide - ok
18:28:54.0679 2744        AMD External Events Utility (b19505648f033393e907e2e419fde8b3) D:\Windows\system32\atiesrxx.exe
18:28:54.0726 2744        AMD External Events Utility - ok
18:28:54.0757 2744        amdagp          (3c6600a0696e90a463771c7422e23ab5) D:\Windows\system32\drivers\amdagp.sys
18:28:54.0772 2744        amdagp - ok
18:28:54.0788 2744        amdide          (cd5914170297126b6266860198d1d4f0) D:\Windows\system32\drivers\amdide.sys
18:28:54.0804 2744        amdide - ok
18:28:54.0835 2744        AmdK8          (00dda200d71bac534bf56a9db5dfd666) D:\Windows\system32\DRIVERS\amdk8.sys
18:28:54.0897 2744        AmdK8 - ok
18:28:54.0913 2744        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) D:\Windows\system32\DRIVERS\amdppm.sys
18:28:54.0960 2744        AmdPPM - ok
18:28:55.0006 2744        amdsata        (d320bf87125326f996d4904fe24300fc) D:\Windows\system32\drivers\amdsata.sys
18:28:55.0022 2744        amdsata - ok
18:28:55.0069 2744        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) D:\Windows\system32\DRIVERS\amdsbs.sys
18:28:55.0100 2744        amdsbs - ok
18:28:55.0116 2744        amdxata        (46387fb17b086d16dea267d5be23a2f2) D:\Windows\system32\drivers\amdxata.sys
18:28:55.0116 2744        amdxata - ok
18:28:55.0194 2744        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Program Files\Avira\AntiVir Desktop\sched.exe
18:28:55.0209 2744        AntiVirSchedulerService - ok
18:28:55.0240 2744        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) D:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:28:55.0256 2744        AntiVirService - ok
18:28:55.0287 2744        AppID          (aea177f783e20150ace5383ee368da19) D:\Windows\system32\drivers\appid.sys
18:28:55.0459 2744        AppID - ok
18:28:55.0490 2744        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) D:\Windows\System32\appidsvc.dll
18:28:55.0537 2744        AppIDSvc - ok
18:28:55.0584 2744        Appinfo        (fb1959012294d6ad43e5304df65e3c26) D:\Windows\System32\appinfo.dll
18:28:55.0646 2744        Appinfo - ok
18:28:55.0724 2744        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:55.0740 2744        Apple Mobile Device - ok
18:28:55.0771 2744        arc            (2932004f49677bd84dbc72edb754ffb3) D:\Windows\system32\DRIVERS\arc.sys
18:28:55.0786 2744        arc - ok
18:28:55.0802 2744        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) D:\Windows\system32\DRIVERS\arcsas.sys
18:28:55.0818 2744        arcsas - ok
18:28:55.0896 2744        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) D:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:28:55.0942 2744        aspnet_state - ok
18:28:55.0974 2744        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) D:\Windows\system32\DRIVERS\asyncmac.sys
18:28:56.0083 2744        AsyncMac - ok
18:28:56.0114 2744        atapi          (338c86357871c167a96ab976519bf59e) D:\Windows\system32\drivers\atapi.sys
18:28:56.0114 2744        atapi - ok
18:28:56.0301 2744        atikmdag        (04f09923a393e4e0e8453a8f78361e73) D:\Windows\system32\DRIVERS\atikmdag.sys
18:28:56.0488 2744        atikmdag - ok
18:28:56.0598 2744        atksgt          (f0d933b42cd0594048e4d5200ae9e417) D:\Windows\system32\DRIVERS\atksgt.sys
18:28:56.0644 2744        atksgt - ok
18:28:56.0691 2744        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) D:\Windows\System32\Audiosrv.dll
18:28:56.0738 2744        AudioEndpointBuilder - ok
18:28:56.0754 2744        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) D:\Windows\System32\Audiosrv.dll
18:28:56.0769 2744        Audiosrv - ok
18:28:56.0816 2744        avgntflt        (d5541f0afb767e85fc412fc609d96a74) D:\Windows\system32\DRIVERS\avgntflt.sys
18:28:56.0832 2744        avgntflt - ok
18:28:56.0847 2744        avipbb          (7d967a682d4694df7fa57d63a2db01fe) D:\Windows\system32\DRIVERS\avipbb.sys
18:28:56.0863 2744        avipbb - ok
18:28:56.0863 2744        avkmgr          (271cfd1a989209b1964e24d969552bf7) D:\Windows\system32\DRIVERS\avkmgr.sys
18:28:56.0878 2744        avkmgr - ok
18:28:56.0910 2744        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) D:\Windows\System32\AxInstSV.dll
18:28:56.0988 2744        AxInstSV - ok
18:28:57.0034 2744        b06bdrv        (1a231abec60fd316ec54c66715543cec) D:\Windows\system32\DRIVERS\bxvbdx.sys
18:28:57.0097 2744        b06bdrv - ok
18:28:57.0144 2744        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) D:\Windows\system32\DRIVERS\b57nd60x.sys
18:28:57.0175 2744        b57nd60x - ok
18:28:57.0222 2744        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) D:\Windows\System32\bdesvc.dll
18:28:57.0268 2744        BDESVC - ok
18:28:57.0284 2744        Beep            (505506526a9d467307b3c393dedaf858) D:\Windows\system32\drivers\Beep.sys
18:28:57.0331 2744        Beep - ok
18:28:57.0393 2744        BFE            (1e2bac209d184bb851e1a187d8a29136) D:\Windows\System32\bfe.dll
18:28:57.0440 2744        BFE - ok
18:28:57.0487 2744        BITS            (e585445d5021971fae10393f0f1c3961) D:\Windows\System32\qmgr.dll
18:28:57.0549 2744        BITS - ok
18:28:57.0565 2744        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) D:\Windows\system32\DRIVERS\blbdrive.sys
18:28:57.0596 2744        blbdrive - ok
18:28:57.0690 2744        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) D:\Program Files\Bonjour\mDNSResponder.exe
18:28:57.0705 2744        Bonjour Service - ok
18:28:57.0736 2744        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) D:\Windows\system32\DRIVERS\bowser.sys
18:28:57.0783 2744        bowser - ok
18:28:57.0814 2744        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) D:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:57.0892 2744        BrFiltLo - ok
18:28:57.0908 2744        BrFiltUp        (56801ad62213a41f6497f96dee83755a) D:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:57.0955 2744        BrFiltUp - ok
18:28:57.0986 2744        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) D:\Windows\System32\browser.dll
18:28:58.0064 2744        Browser - ok
18:28:58.0126 2744        Brserid        (845b8ce732e67f3b4133164868c666ea) D:\Windows\System32\Drivers\Brserid.sys
18:28:58.0204 2744        Brserid - ok
18:28:58.0220 2744        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) D:\Windows\System32\Drivers\BrSerWdm.sys
18:28:58.0267 2744        BrSerWdm - ok
18:28:58.0298 2744        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) D:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:58.0345 2744        BrUsbMdm - ok
18:28:58.0360 2744        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) D:\Windows\System32\Drivers\BrUsbSer.sys
18:28:58.0392 2744        BrUsbSer - ok
18:28:58.0407 2744        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) D:\Windows\system32\DRIVERS\bthmodem.sys
18:28:58.0438 2744        BTHMODEM - ok
18:28:58.0501 2744        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) D:\Windows\system32\bthserv.dll
18:28:58.0516 2744        bthserv - ok
18:28:58.0563 2744        cdfs            (77ea11b065e0a8ab902d78145ca51e10) D:\Windows\system32\DRIVERS\cdfs.sys
18:28:58.0610 2744        cdfs - ok
18:28:58.0672 2744        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) D:\Windows\system32\drivers\cdrom.sys
18:28:58.0719 2744        cdrom - ok
18:28:58.0766 2744        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) D:\Windows\System32\certprop.dll
18:28:58.0813 2744        CertPropSvc - ok
18:28:58.0860 2744        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) D:\Windows\system32\DRIVERS\circlass.sys
18:28:58.0891 2744        circlass - ok
18:28:58.0922 2744        CLFS            (635181e0e9bbf16871bf5380d71db02d) D:\Windows\system32\CLFS.sys
18:28:58.0938 2744        CLFS - ok
18:28:59.0000 2744        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:59.0016 2744        clr_optimization_v2.0.50727_32 - ok
18:28:59.0078 2744        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:59.0140 2744        clr_optimization_v4.0.30319_32 - ok
18:28:59.0156 2744        CmBatt          (dea805815e587dad1dd2c502220b5616) D:\Windows\system32\DRIVERS\CmBatt.sys
18:28:59.0172 2744        CmBatt - ok
18:28:59.0203 2744        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) D:\Windows\system32\drivers\cmdide.sys
18:28:59.0218 2744        cmdide - ok
18:28:59.0250 2744        CNG            (247b4ce2dab1160cd422d532d5241e1f) D:\Windows\system32\Drivers\cng.sys
18:28:59.0296 2744        CNG - ok
18:28:59.0296 2744        Compbatt        (a6023d3823c37043986713f118a89bee) D:\Windows\system32\DRIVERS\compbatt.sys
18:28:59.0312 2744        Compbatt - ok
18:28:59.0359 2744        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) D:\Windows\system32\drivers\CompositeBus.sys
18:28:59.0374 2744        CompositeBus - ok
18:28:59.0390 2744        COMSysApp - ok
18:28:59.0406 2744        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) D:\Windows\system32\DRIVERS\crcdisk.sys
18:28:59.0421 2744        crcdisk - ok
18:28:59.0452 2744        CryptSvc        (06e771aa596b8761107ab57e99f128d7) D:\Windows\system32\cryptsvc.dll
18:28:59.0484 2744        CryptSvc - ok
18:28:59.0530 2744        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) D:\Windows\system32\rpcss.dll
18:28:59.0593 2744        DcomLaunch - ok
18:28:59.0624 2744        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) D:\Windows\System32\defragsvc.dll
18:28:59.0686 2744        defragsvc - ok
18:28:59.0718 2744        DfsC            (f024449c97ec1e464aaffda18593db88) D:\Windows\system32\Drivers\dfsc.sys
18:28:59.0796 2744        DfsC - ok
18:28:59.0858 2744        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) D:\Windows\system32\dhcpcore.dll
18:28:59.0905 2744        Dhcp - ok
18:28:59.0936 2744        discache        (1a050b0274bfb3890703d490f330c0da) D:\Windows\system32\drivers\discache.sys
18:28:59.0983 2744        discache - ok
18:29:00.0030 2744        Disk            (565003f326f99802e68ca78f2a68e9ff) D:\Windows\system32\DRIVERS\disk.sys
18:29:00.0045 2744        Disk - ok
18:29:00.0061 2744        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) D:\Windows\System32\dnsrslvr.dll
18:29:00.0092 2744        Dnscache - ok
18:29:00.0108 2744        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) D:\Windows\System32\dot3svc.dll
18:29:00.0170 2744        dot3svc - ok
18:29:00.0201 2744        DPS            (8ec04ca86f1d68da9e11952eb85973d6) D:\Windows\system32\dps.dll
18:29:00.0248 2744        DPS - ok
18:29:00.0295 2744        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) D:\Windows\system32\drivers\drmkaud.sys
18:29:00.0326 2744        drmkaud - ok
18:29:00.0388 2744        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) D:\Windows\System32\drivers\dxgkrnl.sys
18:29:00.0435 2744        DXGKrnl - ok
18:29:00.0466 2744        e1express      (cf0a6015f437161698c5b2a0a12cf052) D:\Windows\system32\DRIVERS\e1e6032.sys
18:29:00.0529 2744        e1express - ok
18:29:00.0544 2744        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) D:\Windows\System32\eapsvc.dll
18:29:00.0591 2744        EapHost - ok
18:29:00.0716 2744        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) D:\Windows\system32\DRIVERS\evbdx.sys
18:29:00.0841 2744        ebdrv - ok
18:29:00.0919 2744        EFS            (81951f51e318aecc2d68559e47485cc4) D:\Windows\System32\lsass.exe
18:29:00.0966 2744        EFS - ok
18:29:01.0012 2744        ehRecvr        (a8c362018efc87beb013ee28f29c0863) D:\Windows\ehome\ehRecvr.exe
18:29:01.0106 2744        ehRecvr - ok
18:29:01.0137 2744        ehSched        (d389bff34f80caede417bf9d1507996a) D:\Windows\ehome\ehsched.exe
18:29:01.0184 2744        ehSched - ok
18:29:01.0278 2744        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) D:\Windows\system32\Drivers\ElbyCDIO.sys
18:29:01.0293 2744        ElbyCDIO - ok
18:29:01.0340 2744        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) D:\Windows\system32\DRIVERS\elxstor.sys
18:29:01.0371 2744        elxstor - ok
18:29:01.0402 2744        ErrDev          (8fc3208352dd3912c94367a206ab3f11) D:\Windows\system32\drivers\errdev.sys
18:29:01.0434 2744        ErrDev - ok
18:29:01.0496 2744        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) D:\Windows\system32\es.dll
18:29:01.0543 2744        EventSystem - ok
18:29:01.0574 2744        exfat          (2dc9108d74081149cc8b651d3a26207f) D:\Windows\system32\drivers\exfat.sys
18:29:01.0621 2744        exfat - ok
18:29:01.0636 2744        fastfat        (7e0ab74553476622fb6ae36f73d97d35) D:\Windows\system32\drivers\fastfat.sys
18:29:01.0699 2744        fastfat - ok
18:29:01.0761 2744        Fax            (967ea5b213e9984cbe270205df37755b) D:\Windows\system32\fxssvc.exe
18:29:01.0824 2744        Fax - ok
18:29:01.0855 2744        fdc            (e817a017f82df2a1f8cfdbda29388b29) D:\Windows\system32\DRIVERS\fdc.sys
18:29:01.0902 2744        fdc - ok
18:29:01.0917 2744        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) D:\Windows\system32\fdPHost.dll
18:29:01.0980 2744        fdPHost - ok
18:29:01.0995 2744        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) D:\Windows\system32\fdrespub.dll
18:29:02.0058 2744        FDResPub - ok
18:29:02.0073 2744        FileInfo        (6cf00369c97f3cf563be99be983d13d8) D:\Windows\system32\drivers\fileinfo.sys
18:29:02.0089 2744        FileInfo - ok
18:29:02.0120 2744        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) D:\Windows\system32\drivers\filetrace.sys
18:29:02.0151 2744        Filetrace - ok
18:29:02.0167 2744        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) D:\Windows\system32\DRIVERS\flpydisk.sys
18:29:02.0182 2744        flpydisk - ok
18:29:02.0214 2744        FltMgr          (7520ec808e0c35e0ee6f841294316653) D:\Windows\system32\drivers\fltmgr.sys
18:29:02.0245 2744        FltMgr - ok
18:29:02.0292 2744        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) D:\Windows\system32\FntCache.dll
18:29:02.0354 2744        FontCache - ok
18:29:02.0416 2744        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) D:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:02.0432 2744        FontCache3.0.0.0 - ok
18:29:02.0448 2744        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) D:\Windows\system32\drivers\FsDepends.sys
18:29:02.0463 2744        FsDepends - ok
18:29:02.0479 2744        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) D:\Windows\system32\drivers\Fs_Rec.sys
18:29:02.0494 2744        Fs_Rec - ok
18:29:02.0541 2744        fvevol          (8a73e79089b282100b9393b644cb853b) D:\Windows\system32\DRIVERS\fvevol.sys
18:29:02.0572 2744        fvevol - ok
18:29:02.0604 2744        gagp30kx        (65ee0c7a58b65e74ae05637418153938) D:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:02.0619 2744        gagp30kx - ok
18:29:02.0650 2744        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) D:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:29:02.0666 2744        GEARAspiWDM - ok
18:29:02.0713 2744        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) D:\Windows\System32\gpsvc.dll
18:29:02.0775 2744        gpsvc - ok
18:29:02.0869 2744        gupdate        (f02a533f517eb38333cb12a9e8963773) D:\Program Files\Google\Update\GoogleUpdate.exe
18:29:02.0884 2744        gupdate - ok
18:29:02.0900 2744        gupdatem        (f02a533f517eb38333cb12a9e8963773) D:\Program Files\Google\Update\GoogleUpdate.exe
18:29:02.0916 2744        gupdatem - ok
18:29:02.0947 2744        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:29:02.0978 2744        gusvc - ok
18:29:02.0994 2744        hcw85cir        (c44e3c2bab6837db337ddee7544736db) D:\Windows\system32\drivers\hcw85cir.sys
18:29:03.0056 2744        hcw85cir - ok
18:29:03.0118 2744        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) D:\Windows\system32\drivers\HdAudio.sys
18:29:03.0165 2744        HdAudAddService - ok
18:29:03.0196 2744        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) D:\Windows\system32\drivers\HDAudBus.sys
18:29:03.0243 2744        HDAudBus - ok
18:29:03.0274 2744        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) D:\Windows\system32\DRIVERS\HidBatt.sys
18:29:03.0306 2744        HidBatt - ok
18:29:03.0337 2744        HidBth          (89448f40e6df260c206a193a4683ba78) D:\Windows\system32\DRIVERS\hidbth.sys
18:29:03.0368 2744        HidBth - ok
18:29:03.0430 2744        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) D:\Windows\system32\DRIVERS\hidir.sys
18:29:03.0446 2744        HidIr - ok
18:29:03.0462 2744        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) D:\Windows\system32\hidserv.dll
18:29:03.0524 2744        hidserv - ok
18:29:03.0586 2744        HidUsb          (10c19f8290891af023eaec0832e1eb4d) D:\Windows\system32\DRIVERS\hidusb.sys
18:29:03.0602 2744        HidUsb - ok
18:29:03.0633 2744        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) D:\Windows\system32\kmsvc.dll
18:29:03.0696 2744        hkmsvc - ok
18:29:03.0727 2744        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) D:\Windows\system32\ListSvc.dll
18:29:03.0774 2744        HomeGroupListener - ok
18:29:03.0789 2744        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) D:\Windows\system32\provsvc.dll
18:29:03.0836 2744        HomeGroupProvider - ok
18:29:03.0883 2744        HpSAMD          (295fdc419039090eb8b49ffdbb374549) D:\Windows\system32\drivers\HpSAMD.sys
18:29:03.0898 2744        HpSAMD - ok
18:29:03.0945 2744        HTTP            (871917b07a141bff43d76d8844d48106) D:\Windows\system32\drivers\HTTP.sys
18:29:03.0992 2744        HTTP - ok
18:29:04.0023 2744        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) D:\Windows\system32\drivers\hwpolicy.sys
18:29:04.0039 2744        hwpolicy - ok
18:29:04.0070 2744        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) D:\Windows\system32\drivers\i8042prt.sys
18:29:04.0101 2744        i8042prt - ok
18:29:04.0148 2744        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) D:\Windows\system32\drivers\iaStorV.sys
18:29:04.0179 2744        iaStorV - ok
18:29:04.0273 2744        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:04.0320 2744        idsvc - ok
18:29:04.0335 2744        iirsp          (4173ff5708f3236cf25195fecd742915) D:\Windows\system32\DRIVERS\iirsp.sys
18:29:04.0351 2744        iirsp - ok
18:29:04.0398 2744        IKEEXT          (f95622f161474511b8d80d6b093aa610) D:\Windows\System32\ikeext.dll
18:29:04.0460 2744        IKEEXT - ok
18:29:04.0491 2744        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) D:\Windows\system32\drivers\intelide.sys
18:29:04.0507 2744        intelide - ok
18:29:04.0522 2744        intelppm        (3b514d27bfc4accb4037bc6685f766e0) D:\Windows\system32\DRIVERS\intelppm.sys
18:29:04.0554 2744        intelppm - ok
18:29:04.0585 2744        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) D:\Windows\system32\ipbusenum.dll
18:29:04.0647 2744        IPBusEnum - ok
18:29:04.0678 2744        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) D:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:04.0725 2744        IpFilterDriver - ok
18:29:04.0788 2744        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) D:\Windows\System32\iphlpsvc.dll
18:29:04.0834 2744        iphlpsvc - ok
18:29:04.0850 2744        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) D:\Windows\system32\drivers\IPMIDrv.sys
18:29:04.0866 2744        IPMIDRV - ok
18:29:04.0881 2744        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) D:\Windows\system32\drivers\ipnat.sys
18:29:04.0928 2744        IPNAT - ok
18:29:05.0022 2744        iPod Service    (e6be7a41a28d8f2db174957454d32448) D:\Program Files\iPod\bin\iPodService.exe
18:29:05.0053 2744        iPod Service - ok
18:29:05.0084 2744        IRENUM          (42996cff20a3084a56017b7902307e9f) D:\Windows\system32\drivers\irenum.sys
18:29:05.0100 2744        IRENUM - ok
18:29:05.0131 2744        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) D:\Windows\system32\drivers\isapnp.sys
18:29:05.0146 2744        isapnp - ok
18:29:05.0162 2744        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) D:\Windows\system32\drivers\msiscsi.sys
18:29:05.0193 2744        iScsiPrt - ok
18:29:05.0209 2744        kbdclass        (adef52ca1aeae82b50df86b56413107e) D:\Windows\system32\DRIVERS\kbdclass.sys
18:29:05.0224 2744        kbdclass - ok
18:29:05.0256 2744        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) D:\Windows\system32\DRIVERS\kbdhid.sys
18:29:05.0271 2744        kbdhid - ok
18:29:05.0302 2744        KeyIso          (81951f51e318aecc2d68559e47485cc4) D:\Windows\system32\lsass.exe
18:29:05.0318 2744        KeyIso - ok
18:29:05.0349 2744        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) D:\Windows\system32\Drivers\ksecdd.sys
18:29:05.0349 2744        KSecDD - ok
18:29:05.0380 2744        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) D:\Windows\system32\Drivers\ksecpkg.sys
18:29:05.0396 2744        KSecPkg - ok
18:29:05.0443 2744        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) D:\Windows\system32\msdtckrm.dll
18:29:05.0474 2744        KtmRm - ok
18:29:05.0521 2744        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) D:\Windows\system32\srvsvc.dll
18:29:05.0568 2744        LanmanServer - ok
18:29:05.0599 2744        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) D:\Windows\System32\wkssvc.dll
18:29:05.0646 2744        LanmanWorkstation - ok
18:29:05.0724 2744        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) D:\Windows\system32\DRIVERS\lirsgt.sys
18:29:05.0739 2744        lirsgt - ok
18:29:05.0770 2744        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) D:\Windows\system32\DRIVERS\lltdio.sys
18:29:05.0817 2744        lltdio - ok
18:29:05.0864 2744        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) D:\Windows\System32\lltdsvc.dll
18:29:05.0895 2744        lltdsvc - ok
18:29:05.0911 2744        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) D:\Windows\System32\lmhsvc.dll
18:29:05.0958 2744        lmhosts - ok
18:29:05.0989 2744        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) D:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:06.0020 2744        LSI_FC - ok
18:29:06.0036 2744        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) D:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:06.0051 2744        LSI_SAS - ok
18:29:06.0067 2744        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) D:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:06.0067 2744        LSI_SAS2 - ok
18:29:06.0098 2744        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) D:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:06.0114 2744        LSI_SCSI - ok
18:29:06.0129 2744        luafv          (6703e366cc18d3b6e534f5cf7df39cee) D:\Windows\system32\drivers\luafv.sys
18:29:06.0160 2744        luafv - ok
18:29:06.0192 2744        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) D:\Windows\system32\drivers\mbam.sys
18:29:06.0207 2744        MBAMProtector - ok
18:29:06.0301 2744        MBAMService    (43683e970f008c93c9429ef428147a54) D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:29:06.0332 2744        MBAMService - ok
18:29:06.0363 2744        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) D:\Windows\system32\Mcx2Svc.dll
18:29:06.0363 2744        Mcx2Svc - ok
18:29:06.0394 2744        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) D:\Windows\system32\DRIVERS\megasas.sys
18:29:06.0410 2744        megasas - ok
18:29:06.0426 2744        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) D:\Windows\system32\DRIVERS\MegaSR.sys
18:29:06.0457 2744        MegaSR - ok
18:29:06.0472 2744        MMCSS          (146b6f43a673379a3c670e86d89be5ea) D:\Windows\system32\mmcss.dll
18:29:06.0519 2744        MMCSS - ok
18:29:06.0550 2744        Modem          (f001861e5700ee84e2d4e52c712f4964) D:\Windows\system32\drivers\modem.sys
18:29:06.0597 2744        Modem - ok
18:29:06.0644 2744        monitor        (79d10964de86b292320e9dfe02282a23) D:\Windows\system32\DRIVERS\monitor.sys
18:29:06.0675 2744        monitor - ok
18:29:06.0722 2744        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) D:\Windows\system32\DRIVERS\mouclass.sys
18:29:06.0753 2744        mouclass - ok
18:29:06.0769 2744        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) D:\Windows\system32\DRIVERS\mouhid.sys
18:29:06.0800 2744        mouhid - ok
18:29:06.0831 2744        mountmgr        (fc8771f45ecccfd89684e38842539b9b) D:\Windows\system32\drivers\mountmgr.sys
18:29:06.0862 2744        mountmgr - ok
18:29:06.0862 2744        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) D:\Windows\system32\drivers\mpio.sys
18:29:06.0894 2744        mpio - ok
18:29:06.0909 2744        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) D:\Windows\system32\drivers\mpsdrv.sys
18:29:06.0956 2744        mpsdrv - ok
18:29:07.0003 2744        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) D:\Windows\system32\mpssvc.dll
18:29:07.0065 2744        MpsSvc - ok
18:29:07.0096 2744        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) D:\Windows\system32\drivers\mrxdav.sys
18:29:07.0128 2744        MRxDAV - ok
18:29:07.0174 2744        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) D:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:07.0237 2744        mrxsmb - ok
18:29:07.0268 2744        mrxsmb10        (6d17a4791aca19328c685d256349fefc) D:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:07.0315 2744        mrxsmb10 - ok
18:29:07.0346 2744        mrxsmb20        (b81f204d146000be76651a50670a5e9e) D:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:07.0393 2744        mrxsmb20 - ok
18:29:07.0424 2744        msahci          (012c5f4e9349e711e11e0f19a8589f0a) D:\Windows\system32\drivers\msahci.sys
18:29:07.0440 2744        msahci - ok
18:29:07.0455 2744        msdsm          (55055f8ad8be27a64c831322a780a228) D:\Windows\system32\drivers\msdsm.sys
18:29:07.0471 2744        msdsm - ok
18:29:07.0502 2744        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) D:\Windows\System32\msdtc.exe
18:29:07.0533 2744        MSDTC - ok
18:29:07.0564 2744        Msfs            (daefb28e3af5a76abcc2c3078c07327f) D:\Windows\system32\drivers\Msfs.sys
18:29:07.0611 2744        Msfs - ok
18:29:07.0611 2744        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) D:\Windows\System32\drivers\mshidkmdf.sys
18:29:07.0658 2744        mshidkmdf - ok
18:29:07.0689 2744        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) D:\Windows\system32\drivers\msisadrv.sys
18:29:07.0705 2744        msisadrv - ok
18:29:07.0720 2744        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) D:\Windows\system32\iscsiexe.dll
18:29:07.0767 2744        MSiSCSI - ok
18:29:07.0767 2744        msiserver - ok
18:29:07.0798 2744        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) D:\Windows\system32\drivers\MSKSSRV.sys
18:29:07.0861 2744        MSKSSRV - ok
18:29:07.0892 2744        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) D:\Windows\system32\drivers\MSPCLOCK.sys
18:29:07.0939 2744        MSPCLOCK - ok
18:29:07.0954 2744        MSPQM          (f456e973590d663b1073e9c463b40932) D:\Windows\system32\drivers\MSPQM.sys
18:29:08.0001 2744        MSPQM - ok
18:29:08.0048 2744        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) D:\Windows\system32\drivers\MsRPC.sys
18:29:08.0064 2744        MsRPC - ok
18:29:08.0095 2744        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) D:\Windows\system32\drivers\mssmbios.sys
18:29:08.0095 2744        mssmbios - ok
18:29:08.0126 2744        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) D:\Windows\system32\drivers\MSTEE.sys
18:29:08.0142 2744        MSTEE - ok
18:29:08.0157 2744        MTConfig        (33599130f44e1f34631cea241de8ac84) D:\Windows\system32\DRIVERS\MTConfig.sys
18:29:08.0188 2744        MTConfig - ok
18:29:08.0220 2744        Mup            (159fad02f64e6381758c990f753bcc80) D:\Windows\system32\Drivers\mup.sys
18:29:08.0235 2744        Mup - ok
18:29:08.0266 2744        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) D:\Windows\system32\qagentRT.dll
18:29:08.0298 2744        napagent - ok
18:29:08.0329 2744        NativeWifiP    (26384429fcd85d83746f63e798ab1480) D:\Windows\system32\DRIVERS\nwifi.sys
18:29:08.0360 2744        NativeWifiP - ok
18:29:08.0407 2744        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) D:\Windows\system32\drivers\ndis.sys
18:29:08.0438 2744        NDIS - ok
18:29:08.0454 2744        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) D:\Windows\system32\DRIVERS\ndiscap.sys
18:29:08.0500 2744        NdisCap - ok
18:29:08.0532 2744        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) D:\Windows\system32\DRIVERS\ndistapi.sys
18:29:08.0578 2744        NdisTapi - ok
18:29:08.0625 2744        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) D:\Windows\system32\DRIVERS\ndisuio.sys
18:29:08.0656 2744        Ndisuio - ok
18:29:08.0672 2744        NdisWan        (38fbe267e7e6983311179230facb1017) D:\Windows\system32\DRIVERS\ndiswan.sys
18:29:08.0734 2744        NdisWan - ok
18:29:08.0766 2744        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) D:\Windows\system32\drivers\NDProxy.sys
18:29:08.0812 2744        NDProxy - ok
18:29:08.0844 2744        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) D:\Windows\system32\DRIVERS\netbios.sys
18:29:08.0906 2744        NetBIOS - ok
18:29:08.0937 2744        NetBT          (280122ddcf04b378edd1ad54d71c1e54) D:\Windows\system32\DRIVERS\netbt.sys
18:29:09.0000 2744        NetBT - ok
18:29:09.0031 2744        Netlogon        (81951f51e318aecc2d68559e47485cc4) D:\Windows\system32\lsass.exe
18:29:09.0031 2744        Netlogon - ok
18:29:09.0093 2744        Netman          (7cccfca7510684768da22092d1fa4db2) D:\Windows\System32\netman.dll
18:29:09.0140 2744        Netman - ok
18:29:09.0249 2744        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:09.0280 2744        NetMsmqActivator - ok
18:29:09.0280 2744        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:09.0296 2744        NetPipeActivator - ok
18:29:09.0327 2744        netprofm        (8c338238c16777a802d6a9211eb2ba50) D:\Windows\System32\netprofm.dll
18:29:09.0358 2744        netprofm - ok
18:29:09.0358 2744        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:09.0374 2744        NetTcpActivator - ok
18:29:09.0374 2744        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:09.0390 2744        NetTcpPortSharing - ok
18:29:09.0405 2744        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) D:\Windows\system32\DRIVERS\nfrd960.sys
18:29:09.0421 2744        nfrd960 - ok
18:29:09.0452 2744        NlaSvc          (912084381d30d8b89ec4e293053f4710) D:\Windows\System32\nlasvc.dll
18:29:09.0499 2744        NlaSvc - ok
18:29:09.0530 2744        Npfs            (1db262a9f8c087e8153d89bef3d2235f) D:\Windows\system32\drivers\Npfs.sys
18:29:09.0546 2744        Npfs - ok
18:29:09.0577 2744        nsi            (ba387e955e890c8a88306d9b8d06bf17) D:\Windows\system32\nsisvc.dll
18:29:09.0639 2744        nsi - ok
18:29:09.0655 2744        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) D:\Windows\system32\drivers\nsiproxy.sys
18:29:09.0702 2744        nsiproxy - ok
18:29:09.0780 2744        Ntfs            (81189c3d7763838e55c397759d49007a) D:\Windows\system32\drivers\Ntfs.sys
18:29:09.0826 2744        Ntfs - ok
18:29:09.0858 2744        Null            (f9756a98d69098dca8945d62858a812c) D:\Windows\system32\drivers\Null.sys
18:29:09.0873 2744        Null - ok
18:29:09.0904 2744        nvraid          (b3e25ee28883877076e0e1ff877d02e0) D:\Windows\system32\drivers\nvraid.sys
18:29:09.0936 2744        nvraid - ok
18:29:09.0951 2744        nvstor          (4380e59a170d88c4f1022eff6719a8a4) D:\Windows\system32\drivers\nvstor.sys
18:29:09.0967 2744        nvstor - ok
18:29:09.0982 2744        nv_agp          (5a0983915f02bae73267cc2a041f717d) D:\Windows\system32\drivers\nv_agp.sys
18:29:10.0014 2744        nv_agp - ok
18:29:10.0092 2744        odserv          (785f487a64950f3cb8e9f16253ba3b7b) D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:29:10.0123 2744        odserv - ok
18:29:10.0154 2744        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) D:\Windows\system32\drivers\ohci1394.sys
18:29:10.0201 2744        ohci1394 - ok
18:29:10.0248 2744        ose            (5a432a042dae460abe7199b758e8606c) D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:10.0263 2744        ose - ok
18:29:10.0310 2744        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) D:\Windows\system32\pnrpsvc.dll
18:29:10.0388 2744        p2pimsvc - ok
18:29:10.0435 2744        p2psvc          (59c3ddd501e39e006dac31bf55150d91) D:\Windows\system32\p2psvc.dll
18:29:10.0466 2744        p2psvc - ok
18:29:10.0482 2744        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) D:\Windows\system32\DRIVERS\parport.sys
18:29:10.0513 2744        Parport - ok
18:29:10.0560 2744        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) D:\Windows\system32\drivers\partmgr.sys
18:29:10.0575 2744        partmgr - ok
18:29:10.0591 2744        Parvdm          (eb0a59f29c19b86479d36b35983daadc) D:\Windows\system32\DRIVERS\parvdm.sys
18:29:10.0606 2744        Parvdm - ok
18:29:10.0653 2744        PcaSvc          (358ab7956d3160000726574083dfc8a6) D:\Windows\System32\pcasvc.dll
18:29:10.0669 2744        PcaSvc - ok
18:29:10.0700 2744        pci            (673e55c3498eb970088e812ea820aa8f) D:\Windows\system32\drivers\pci.sys
18:29:10.0700 2744        pci - ok
18:29:10.0716 2744        pciide          (afe86f419014db4e5593f69ffe26ce0a) D:\Windows\system32\drivers\pciide.sys
18:29:10.0731 2744        pciide - ok
18:29:10.0762 2744        pcmcia          (f396431b31693e71e8a80687ef523506) D:\Windows\system32\DRIVERS\pcmcia.sys
18:29:10.0778 2744        pcmcia - ok
18:29:10.0794 2744        pcw            (250f6b43d2b613172035c6747aeeb19f) D:\Windows\system32\drivers\pcw.sys
18:29:10.0809 2744        pcw - ok
18:29:10.0856 2744        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) D:\Windows\system32\drivers\peauth.sys
18:29:10.0903 2744        PEAUTH - ok
18:29:10.0996 2744        Ph3xIB32        (8b7aec0aba77de5d2feac1824c15a3fa) D:\Windows\system32\DRIVERS\Ph3xIB32.sys
18:29:11.0059 2744        Ph3xIB32 - ok
18:29:11.0137 2744        pla            (414bba67a3ded1d28437eb66aeb8a720) D:\Windows\system32\pla.dll
18:29:11.0230 2744        pla - ok
18:29:11.0324 2744        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) D:\Windows\system32\umpnpmgr.dll
18:29:11.0386 2744        PlugPlay - ok
18:29:11.0402 2744        PnkBstrA        (1713d9de407313138118d501b0e3c05b) D:\Windows\system32\PnkBstrA.exe
18:29:11.0418 2744        PnkBstrA - ok
18:29:11.0449 2744        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) D:\Windows\system32\pnrpauto.dll
18:29:11.0496 2744        PNRPAutoReg - ok
18:29:11.0527 2744        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) D:\Windows\system32\pnrpsvc.dll
18:29:11.0542 2744        PNRPsvc - ok
18:29:11.0589 2744        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) D:\Windows\System32\ipsecsvc.dll
18:29:11.0636 2744        PolicyAgent - ok
18:29:11.0667 2744        Power          (f87d30e72e03d579a5199ccb3831d6ea) D:\Windows\system32\umpo.dll
18:29:11.0698 2744        Power - ok
18:29:11.0745 2744        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) D:\Windows\system32\DRIVERS\raspptp.sys
18:29:11.0776 2744        PptpMiniport - ok
18:29:11.0808 2744        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) D:\Windows\system32\DRIVERS\processr.sys
18:29:11.0854 2744        Processor - ok
18:29:11.0886 2744        ProfSvc        (cadefac453040e370a1bdff3973be00d) D:\Windows\system32\profsvc.dll
18:29:11.0917 2744        ProfSvc - ok
18:29:11.0932 2744        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) D:\Windows\system32\lsass.exe
18:29:11.0948 2744        ProtectedStorage - ok
18:29:11.0979 2744        Psched          (6270ccae2a86de6d146529fe55b3246a) D:\Windows\system32\DRIVERS\pacer.sys
18:29:12.0026 2744        Psched - ok
18:29:12.0088 2744        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) D:\Windows\system32\DRIVERS\ql2300.sys
18:29:12.0135 2744        ql2300 - ok
18:29:12.0213 2744        ql40xx          (b4dd51dd25182244b86737dc51af2270) D:\Windows\system32\DRIVERS\ql40xx.sys
18:29:12.0244 2744        ql40xx - ok
18:29:12.0276 2744        QWAVE          (31ac809e7707eb580b2bdb760390765a) D:\Windows\system32\qwave.dll
18:29:12.0322 2744        QWAVE - ok
18:29:12.0354 2744        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) D:\Windows\system32\drivers\qwavedrv.sys
18:29:12.0354 2744        QWAVEdrv - ok
18:29:12.0369 2744        RasAcd          (30a81b53c766d0133bb86d234e5556ab) D:\Windows\system32\DRIVERS\rasacd.sys
18:29:12.0432 2744        RasAcd - ok
18:29:12.0463 2744        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) D:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:12.0510 2744        RasAgileVpn - ok
18:29:12.0541 2744        RasAuto        (a60f1839849c0c00739787fd5ec03f13) D:\Windows\System32\rasauto.dll
18:29:12.0588 2744        RasAuto - ok
18:29:12.0619 2744        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) D:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:12.0650 2744        Rasl2tp - ok
18:29:12.0712 2744        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) D:\Windows\System32\rasmans.dll
18:29:12.0790 2744        RasMan - ok
18:29:12.0822 2744        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) D:\Windows\system32\DRIVERS\raspppoe.sys
18:29:12.0837 2744        RasPppoe - ok
18:29:12.0868 2744        RasSstp        (44101f495a83ea6401d886e7fd70096b) D:\Windows\system32\DRIVERS\rassstp.sys
18:29:12.0915 2744        RasSstp - ok
18:29:12.0962 2744        rdbss          (d528bc58a489409ba40334ebf96a311b) D:\Windows\system32\DRIVERS\rdbss.sys
18:29:13.0009 2744        rdbss - ok
18:29:13.0024 2744        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) D:\Windows\system32\DRIVERS\rdpbus.sys
18:29:13.0071 2744        rdpbus - ok
18:29:13.0087 2744        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) D:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:13.0149 2744        RDPCDD - ok
18:29:13.0180 2744        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) D:\Windows\system32\drivers\rdpencdd.sys
18:29:13.0227 2744        RDPENCDD - ok
18:29:13.0258 2744        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) D:\Windows\system32\drivers\rdprefmp.sys
18:29:13.0305 2744        RDPREFMP - ok
18:29:13.0336 2744        RDPWD          (f031683e6d1fea157abb2ff260b51e61) D:\Windows\system32\drivers\RDPWD.sys
18:29:13.0383 2744        RDPWD - ok
18:29:13.0430 2744        rdyboost        (518395321dc96fe2c9f0e96ac743b656) D:\Windows\system32\drivers\rdyboost.sys
18:29:13.0461 2744        rdyboost - ok
18:29:13.0477 2744        RemoteAccess    (7b5e1419717fac363a31cc302895217a) D:\Windows\System32\mprdim.dll
18:29:13.0539 2744        RemoteAccess - ok
18:29:13.0570 2744        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) D:\Windows\system32\regsvc.dll
18:29:13.0602 2744        RemoteRegistry - ok
18:29:13.0617 2744        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) D:\Windows\System32\RpcEpMap.dll
18:29:13.0648 2744        RpcEptMapper - ok
18:29:13.0680 2744        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) D:\Windows\system32\locator.exe
18:29:13.0726 2744        RpcLocator - ok
18:29:13.0758 2744        RpcSs          (7660f01d3b38aca1747e397d21d790af) D:\Windows\system32\rpcss.dll
18:29:13.0789 2744        RpcSs - ok
18:29:13.0836 2744        rspndr          (032b0d36ad92b582d869879f5af5b928) D:\Windows\system32\DRIVERS\rspndr.sys
18:29:13.0882 2744        rspndr - ok
18:29:13.0945 2744        RTL8192su      (030129520d4c75cba170e0f0c6040c68) D:\Windows\system32\DRIVERS\RTL8192su.sys
18:29:13.0976 2744        RTL8192su - ok
18:29:13.0992 2744        SamSs          (81951f51e318aecc2d68559e47485cc4) D:\Windows\system32\lsass.exe
18:29:14.0007 2744        SamSs - ok
18:29:14.0038 2744        sbp2port        (05d860da1040f111503ac416ccef2bca) D:\Windows\system32\drivers\sbp2port.sys
18:29:14.0070 2744        sbp2port - ok
18:29:14.0101 2744        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) D:\Windows\System32\SCardSvr.dll
18:29:14.0148 2744        SCardSvr - ok
18:29:14.0163 2744        scfilter        (0693b5ec673e34dc147e195779a4dcf6) D:\Windows\system32\DRIVERS\scfilter.sys
18:29:14.0226 2744        scfilter - ok
18:29:14.0288 2744        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) D:\Windows\system32\schedsvc.dll
18:29:14.0350 2744        Schedule - ok
18:29:14.0397 2744        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) D:\Windows\System32\certprop.dll
18:29:14.0428 2744        SCPolicySvc - ok
18:29:14.0460 2744        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) D:\Windows\System32\SDRSVC.dll
18:29:14.0522 2744        SDRSVC - ok
18:29:14.0553 2744        secdrv          (90a3935d05b494a5a39d37e71f09a677) D:\Windows\system32\drivers\secdrv.sys
18:29:14.0616 2744        secdrv - ok
18:29:14.0647 2744        seclogon        (a59b3a4442c52060cc7a85293aa3546f) D:\Windows\system32\seclogon.dll
18:29:14.0709 2744        seclogon - ok
18:29:14.0740 2744        SENS            (dcb7fcdcc97f87360f75d77425b81737) D:\Windows\System32\sens.dll
18:29:14.0787 2744        SENS - ok
18:29:14.0818 2744        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) D:\Windows\system32\sensrsvc.dll
18:29:14.0881 2744        SensrSvc - ok
18:29:14.0896 2744        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) D:\Windows\system32\DRIVERS\serenum.sys
18:29:14.0912 2744        Serenum - ok
18:29:14.0928 2744        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) D:\Windows\system32\DRIVERS\serial.sys
18:29:14.0974 2744        Serial - ok
18:29:15.0006 2744        sermouse        (79bffb520327ff916a582dfea17aa813) D:\Windows\system32\DRIVERS\sermouse.sys
18:29:15.0021 2744        sermouse - ok
18:29:15.0068 2744        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) D:\Windows\system32\sessenv.dll
18:29:15.0115 2744        SessionEnv - ok
18:29:15.0177 2744        sfdrv01        (9e7dee11fd5a4355941a45f13c0ed59a) D:\Windows\system32\drivers\sfdrv01.sys
18:29:15.0208 2744        sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:29:15.0208 2744        sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:29:15.0240 2744        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) D:\Windows\system32\drivers\sffdisk.sys
18:29:15.0271 2744        sffdisk - ok
18:29:15.0302 2744        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) D:\Windows\system32\drivers\sffp_mmc.sys
18:29:15.0333 2744        sffp_mmc - ok
18:29:15.0364 2744        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) D:\Windows\system32\drivers\sffp_sd.sys
18:29:15.0380 2744        sffp_sd - ok
18:29:15.0411 2744        sfhlp02        (ecefb59d2206d281e6d317af0ea0d8bd) D:\Windows\system32\drivers\sfhlp02.sys
18:29:15.0427 2744        sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:29:15.0427 2744        sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:29:15.0458 2744        sfloppy        (db96666cc8312ebc45032f30b007a547) D:\Windows\system32\DRIVERS\sfloppy.sys
18:29:15.0505 2744        sfloppy - ok
18:29:15.0552 2744        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) D:\Windows\System32\ipnathlp.dll
18:29:15.0614 2744        SharedAccess - ok
18:29:15.0661 2744        ShellHWDetection (414da952a35bf5d50192e28263b40577) D:\Windows\System32\shsvcs.dll
18:29:15.0723 2744        ShellHWDetection - ok
18:29:15.0754 2744        sisagp          (2565cac0dc9fe0371bdce60832582b2e) D:\Windows\system32\drivers\sisagp.sys
18:29:15.0770 2744        sisagp - ok
18:29:15.0801 2744        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) D:\Windows\system32\DRIVERS\SiSRaid2.sys
18:29:15.0817 2744        SiSRaid2 - ok
18:29:15.0817 2744        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) D:\Windows\system32\DRIVERS\sisraid4.sys
18:29:15.0832 2744        SiSRaid4 - ok
18:29:15.0910 2744        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) D:\Program Files\Skype\Updater\Updater.exe
18:29:15.0926 2744        SkypeUpdate - ok
18:29:15.0957 2744        Smb            (3e21c083b8a01cb70ba1f09303010fce) D:\Windows\system32\DRIVERS\smb.sys
18:29:16.0004 2744        Smb - ok
18:29:16.0035 2744        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) D:\Windows\System32\snmptrap.exe
18:29:16.0051 2744        SNMPTRAP - ok
18:29:16.0066 2744        spldr          (95cf1ae7527fb70f7816563cbc09d942) D:\Windows\system32\drivers\spldr.sys
18:29:16.0082 2744        spldr - ok
18:29:16.0129 2744        Spooler        (866a43013535dc8587c258e43579c764) D:\Windows\System32\spoolsv.exe
18:29:16.0144 2744        Spooler - ok
18:29:16.0269 2744        sppsvc          (cf87a1de791347e75b98885214ced2b8) D:\Windows\system32\sppsvc.exe
18:29:16.0363 2744        sppsvc - ok
18:29:16.0425 2744        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) D:\Windows\system32\sppuinotify.dll
18:29:16.0472 2744        sppuinotify - ok
18:29:16.0534 2744        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) D:\Windows\system32\DRIVERS\srv.sys
18:29:16.0581 2744        srv - ok
18:29:16.0612 2744        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) D:\Windows\system32\DRIVERS\srv2.sys
18:29:16.0644 2744        srv2 - ok
18:29:16.0675 2744        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) D:\Windows\system32\DRIVERS\srvnet.sys
18:29:16.0690 2744        srvnet - ok
18:29:16.0722 2744        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) D:\Windows\System32\ssdpsrv.dll
18:29:16.0768 2744        SSDPSRV - ok
18:29:16.0800 2744        ssmdrv          (a36ee93698802cd899f98bfd553d8185) D:\Windows\system32\DRIVERS\ssmdrv.sys
18:29:16.0815 2744        ssmdrv - ok
18:29:16.0815 2744        SstpSvc        (d318f23be45d5e3a107469eb64815b50) D:\Windows\system32\sstpsvc.dll
18:29:16.0862 2744        SstpSvc - ok
18:29:16.0893 2744        stexstor        (db32d325c192b801df274bfd12a7e72b) D:\Windows\system32\DRIVERS\stexstor.sys
18:29:16.0909 2744        stexstor - ok
18:29:16.0940 2744        StillCam        (edb05bd63148796f23ea78506404a538) D:\Windows\system32\DRIVERS\serscan.sys
18:29:16.0987 2744        StillCam - ok
18:29:17.0034 2744        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) D:\Windows\System32\wiaservc.dll
18:29:17.0096 2744        StiSvc - ok
18:29:17.0127 2744        swenum          (e58c78a848add9610a4db6d214af5224) D:\Windows\system32\drivers\swenum.sys
18:29:17.0143 2744        swenum - ok
18:29:17.0174 2744        swprv          (a28bd92df340e57b024ba433165d34d7) D:\Windows\System32\swprv.dll
18:29:17.0205 2744        swprv - ok
18:29:17.0252 2744        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) D:\Windows\system32\sysmain.dll
18:29:17.0283 2744        SysMain - ok
18:29:17.0314 2744        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) D:\Windows\System32\TabSvc.dll
18:29:17.0330 2744        TabletInputService - ok
18:29:17.0361 2744        TapiSrv        (613bf4820361543956909043a265c6ac) D:\Windows\System32\tapisrv.dll
18:29:17.0392 2744        TapiSrv - ok
18:29:17.0408 2744        TBS            (b799d9fdb26111737f58288d8dc172d9) D:\Windows\System32\tbssvc.dll
18:29:17.0470 2744        TBS - ok
18:29:17.0580 2744        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) D:\Windows\system32\drivers\tcpip.sys
18:29:17.0642 2744        Tcpip - ok
18:29:17.0673 2744        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) D:\Windows\system32\DRIVERS\tcpip.sys
18:29:17.0689 2744        TCPIP6 - ok
18:29:17.0720 2744        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) D:\Windows\system32\drivers\tcpipreg.sys
18:29:17.0782 2744        tcpipreg - ok
18:29:17.0814 2744        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) D:\Windows\system32\drivers\tdpipe.sys
18:29:17.0860 2744        TDPIPE - ok
18:29:17.0876 2744        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) D:\Windows\system32\drivers\tdtcp.sys
18:29:17.0892 2744        TDTCP - ok
18:29:17.0938 2744        tdx            (b459575348c20e8121d6039da063c704) D:\Windows\system32\DRIVERS\tdx.sys
18:29:17.0985 2744        tdx - ok
18:29:18.0048 2744        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) D:\Windows\system32\drivers\termdd.sys
18:29:18.0063 2744        TermDD - ok
18:29:18.0126 2744        TermService    (382c804c92811be57829d8e550a900e2) D:\Windows\System32\termsrv.dll
18:29:18.0204 2744        TermService - ok
18:29:18.0250 2744        Themes          (42fb6afd6b79d9fe07381609172e7ca4) D:\Windows\system32\themeservice.dll
18:29:18.0282 2744        Themes - ok
18:29:18.0313 2744        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) D:\Windows\system32\mmcss.dll
18:29:18.0344 2744        THREADORDER - ok
18:29:18.0406 2744        TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:29:18.0422 2744        TomTomHOMEService - ok
18:29:18.0453 2744        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) D:\Windows\System32\trkwks.dll
18:29:18.0516 2744        TrkWks - ok
18:29:18.0578 2744        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) D:\Windows\servicing\TrustedInstaller.exe
18:29:18.0625 2744        TrustedInstaller - ok
18:29:18.0656 2744        tssecsrv        (254bb140eee3c59d6114c1a86b636877) D:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:18.0703 2744        tssecsrv - ok
18:29:18.0750 2744        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) D:\Windows\system32\drivers\tsusbflt.sys
18:29:18.0765 2744        TsUsbFlt - ok
18:29:18.0796 2744        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) D:\Windows\system32\DRIVERS\tunnel.sys
18:29:18.0859 2744        tunnel - ok
18:29:18.0890 2744        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) D:\Windows\system32\DRIVERS\uagp35.sys
18:29:18.0890 2744        uagp35 - ok
18:29:18.0921 2744        udfs            (ee43346c7e4b5e63e54f927babbb32ff) D:\Windows\system32\DRIVERS\udfs.sys
18:29:18.0984 2744        udfs - ok
18:29:19.0030 2744        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) D:\Windows\system32\UI0Detect.exe
18:29:19.0062 2744        UI0Detect - ok
18:29:19.0108 2744        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) D:\Windows\system32\drivers\uliagpkx.sys
18:29:19.0124 2744        uliagpkx - ok
18:29:19.0155 2744        umbus          (d295bed4b898f0fd999fcfa9b32b071b) D:\Windows\system32\drivers\umbus.sys
18:29:19.0186 2744        umbus - ok
18:29:19.0218 2744        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) D:\Windows\system32\DRIVERS\umpass.sys
18:29:19.0249 2744        UmPass - ok
18:29:19.0280 2744        upnphost        (833fbb672460efce8011d262175fad33) D:\Windows\System32\upnphost.dll
18:29:19.0342 2744        upnphost - ok
18:29:19.0374 2744        USBAAPL        (eafe1e00739afe6c51487a050e772e17) D:\Windows\system32\Drivers\usbaapl.sys
18:29:19.0389 2744        USBAAPL - ok
18:29:19.0436 2744        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) D:\Windows\system32\drivers\usbaudio.sys
18:29:19.0467 2744        usbaudio - ok
18:29:19.0530 2744        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) D:\Windows\system32\DRIVERS\usbccgp.sys
18:29:19.0576 2744        usbccgp - ok
18:29:19.0608 2744        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) D:\Windows\system32\drivers\usbcir.sys
18:29:19.0654 2744        usbcir - ok
18:29:19.0670 2744        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) D:\Windows\system32\drivers\usbehci.sys
18:29:19.0686 2744        usbehci - ok
18:29:19.0717 2744        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) D:\Windows\system32\DRIVERS\usbhub.sys
18:29:19.0764 2744        usbhub - ok
18:29:19.0779 2744        usbohci        (e185d44fac515a18d9deddc23c2cdf44) D:\Windows\system32\drivers\usbohci.sys
18:29:19.0810 2744        usbohci - ok
18:29:19.0857 2744        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) D:\Windows\system32\DRIVERS\usbprint.sys
18:29:19.0873 2744        usbprint - ok
18:29:19.0888 2744        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) D:\Windows\system32\DRIVERS\usbscan.sys
18:29:19.0904 2744        usbscan - ok
18:29:19.0920 2744        USBSTOR        (f991ab9cc6b908db552166768176896a) D:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:19.0951 2744        USBSTOR - ok
18:29:19.0966 2744        usbuhci        (68df884cf41cdada664beb01daf67e3d) D:\Windows\system32\DRIVERS\usbuhci.sys
18:29:19.0982 2744        usbuhci - ok
18:29:20.0013 2744        UxSms          (081e6e1c91aec36758902a9f727cd23c) D:\Windows\System32\uxsms.dll
18:29:20.0060 2744        UxSms - ok
18:29:20.0076 2744        VaultSvc        (81951f51e318aecc2d68559e47485cc4) D:\Windows\system32\lsass.exe
18:29:20.0076 2744        VaultSvc - ok
18:29:20.0122 2744        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) D:\Windows\system32\drivers\vdrvroot.sys
18:29:20.0138 2744        vdrvroot - ok
18:29:20.0185 2744        vds            (c3cd30495687c2a2f66a65ca6fd89be9) D:\Windows\System32\vds.exe
18:29:20.0247 2744        vds - ok
18:29:20.0294 2744        vga            (17c408214ea61696cec9c66e388b14f3) D:\Windows\system32\DRIVERS\vgapnp.sys
18:29:20.0341 2744        vga - ok
18:29:20.0356 2744        VgaSave        (8e38096ad5c8570a6f1570a61e251561) D:\Windows\System32\drivers\vga.sys
18:29:20.0388 2744        VgaSave - ok
18:29:20.0419 2744        vhdmp          (5461686cca2fda57b024547733ab42e3) D:\Windows\system32\drivers\vhdmp.sys
18:29:20.0434 2744        vhdmp - ok
18:29:20.0466 2744        viaagp          (c829317a37b4bea8f39735d4b076e923) D:\Windows\system32\drivers\viaagp.sys
18:29:20.0497 2744        viaagp - ok
18:29:20.0528 2744        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) D:\Windows\system32\DRIVERS\viac7.sys
18:29:20.0559 2744        ViaC7 - ok
18:29:20.0590 2744        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) D:\Windows\system32\drivers\viaide.sys
18:29:20.0606 2744        viaide - ok
18:29:20.0622 2744        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) D:\Windows\system32\drivers\volmgr.sys
18:29:20.0637 2744        volmgr - ok
18:29:20.0653 2744        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) D:\Windows\system32\drivers\volmgrx.sys
18:29:20.0668 2744        volmgrx - ok
18:29:20.0700 2744        volsnap        (f497f67932c6fa693d7de2780631cfe7) D:\Windows\system32\drivers\volsnap.sys
18:29:20.0715 2744        volsnap - ok
18:29:20.0746 2744        vsmraid        (9dfa0cc2f8855a04816729651175b631) D:\Windows\system32\DRIVERS\vsmraid.sys
18:29:20.0762 2744        vsmraid - ok
18:29:20.0809 2744        VSS            (209a3b1901b83aeb8527ed211cce9e4c) D:\Windows\system32\vssvc.exe
18:29:20.0871 2744        VSS - ok
18:29:20.0887 2744        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) D:\Windows\system32\DRIVERS\vwifibus.sys
18:29:20.0934 2744        vwifibus - ok
18:29:20.0949 2744        vwififlt        (7090d3436eeb4e7da3373090a23448f7) D:\Windows\system32\DRIVERS\vwififlt.sys
18:29:20.0965 2744        vwififlt - ok
18:29:20.0996 2744        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) D:\Windows\system32\DRIVERS\vwifimp.sys
18:29:21.0012 2744        vwifimp - ok
18:29:21.0043 2744        W32Time        (55187fd710e27d5095d10a472c8baf1c) D:\Windows\system32\w32time.dll
18:29:21.0090 2744        W32Time - ok
18:29:21.0121 2744        WacomPen        (de3721e89c653aa281428c8a69745d90) D:\Windows\system32\DRIVERS\wacompen.sys
18:29:21.0136 2744        WacomPen - ok
18:29:21.0168 2744        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) D:\Windows\system32\DRIVERS\wanarp.sys
18:29:21.0183 2744        WANARP - ok
18:29:21.0183 2744        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) D:\Windows\system32\DRIVERS\wanarp.sys
18:29:21.0214 2744        Wanarpv6 - ok
18:29:21.0292 2744        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) D:\Windows\system32\Wat\WatAdminSvc.exe
18:29:21.0355 2744        WatAdminSvc - ok
18:29:21.0417 2744        wbengine        (691e3285e53dca558e1a84667f13e15a) D:\Windows\system32\wbengine.exe
18:29:21.0480 2744        wbengine - ok
18:29:21.0495 2744        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) D:\Windows\System32\wbiosrvc.dll
18:29:21.0558 2744        WbioSrvc - ok
18:29:21.0745 2744        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) D:\Windows\System32\wcncsvc.dll
18:29:21.0792 2744        wcncsvc - ok
18:29:21.0823 2744        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) D:\Windows\System32\WcsPlugInService.dll
18:29:21.0885 2744        WcsPlugInService - ok
18:29:21.0932 2744        Wd              (1112a9badacb47b7c0bb0392e3158dff) D:\Windows\system32\DRIVERS\wd.sys
18:29:21.0948 2744        Wd - ok
18:29:21.0994 2744        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) D:\Windows\system32\drivers\Wdf01000.sys
18:29:22.0026 2744        Wdf01000 - ok
18:29:22.0041 2744        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) D:\Windows\system32\wdi.dll
18:29:22.0119 2744        WdiServiceHost - ok
18:29:22.0119 2744        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) D:\Windows\system32\wdi.dll
18:29:22.0135 2744        WdiSystemHost - ok
18:29:22.0166 2744        WebClient      (a9d880f97530d5b8fee278923349929d) D:\Windows\System32\webclnt.dll
18:29:22.0197 2744        WebClient - ok
18:29:22.0213 2744        Wecsvc          (760f0afe937a77cff27153206534f275) D:\Windows\system32\wecsvc.dll
18:29:22.0244 2744        Wecsvc - ok
18:29:22.0275 2744        wercplsupport  (ac804569bb2364fb6017370258a4091b) D:\Windows\System32\wercplsupport.dll
18:29:22.0306 2744        wercplsupport - ok
18:29:22.0353 2744        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) D:\Windows\System32\WerSvc.dll
18:29:22.0369 2744        WerSvc - ok
18:29:22.0400 2744        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) D:\Windows\system32\DRIVERS\wfplwf.sys
18:29:22.0416 2744        WfpLwf - ok
18:29:22.0431 2744        WIMMount        (5cf95b35e59e2a38023836fff31be64c) D:\Windows\system32\drivers\wimmount.sys
18:29:22.0447 2744        WIMMount - ok
18:29:22.0525 2744        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) D:\Program Files\Windows Defender\mpsvc.dll
18:29:22.0572 2744        WinDefend - ok
18:29:22.0587 2744        WinHttpAutoProxySvc - ok
18:29:22.0650 2744        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) D:\Windows\system32\wbem\WMIsvc.dll
18:29:22.0728 2744        Winmgmt - ok
18:29:22.0790 2744        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) D:\Windows\system32\WsmSvc.dll
18:29:22.0837 2744        WinRM - ok
18:29:22.0946 2744        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) D:\Windows\system32\DRIVERS\WinUsb.sys
18:29:22.0977 2744        WinUsb - ok
18:29:23.0024 2744        Wlansvc        (16935c98ff639d185086a3529b1f2067) D:\Windows\System32\wlansvc.dll
18:29:23.0086 2744        Wlansvc - ok
18:29:23.0118 2744        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) D:\Windows\system32\drivers\wmiacpi.sys
18:29:23.0149 2744        WmiAcpi - ok
18:29:23.0196 2744        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) D:\Windows\system32\wbem\WmiApSrv.exe
18:29:23.0227 2744        wmiApSrv - ok
18:29:23.0336 2744        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) D:\Program Files\Windows Media Player\wmpnetwk.exe
18:29:23.0430 2744        WMPNetworkSvc - ok
18:29:23.0445 2744        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) D:\Windows\System32\wpcsvc.dll
18:29:23.0492 2744        WPCSvc - ok
18:29:23.0523 2744        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) D:\Windows\system32\wpdbusenum.dll
18:29:23.0554 2744        WPDBusEnum - ok
18:29:23.0617 2744        ws2ifsl        (6db3276587b853bf886b69528fdb048c) D:\Windows\system32\drivers\ws2ifsl.sys
18:29:23.0679 2744        ws2ifsl - ok
18:29:23.0710 2744        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) D:\Windows\System32\wscsvc.dll
18:29:23.0742 2744        wscsvc - ok
18:29:23.0742 2744        WSearch - ok
18:29:23.0851 2744        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) D:\Windows\system32\wuaueng.dll
18:29:23.0882 2744        wuauserv - ok
18:29:23.0976 2744        WudfPf          (e714a1c0354636837e20ccbf00888ee7) D:\Windows\system32\drivers\WudfPf.sys
18:29:24.0007 2744        WudfPf - ok
18:29:24.0054 2744        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) D:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:24.0069 2744        WUDFRd - ok
18:29:24.0116 2744        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) D:\Windows\System32\WUDFSvc.dll
18:29:24.0163 2744        wudfsvc - ok
18:29:24.0194 2744        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) D:\Windows\System32\wwansvc.dll
18:29:24.0225 2744        WwanSvc - ok
18:29:24.0241 2744        XDva398 - ok
18:29:24.0288 2744        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:29:24.0475 2744        \Device\Harddisk0\DR0 - ok
18:29:24.0490 2744        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:29:24.0584 2744        \Device\Harddisk1\DR1 - ok
18:29:24.0584 2744        Boot (0x1200)  (db546503e604c31075150c5243fbe409) \Device\Harddisk0\DR0\Partition0
18:29:24.0584 2744        \Device\Harddisk0\DR0\Partition0 - ok
18:29:24.0600 2744        Boot (0x1200)  (ab3d0cc52fd0426a1433539ae1c47d87) \Device\Harddisk0\DR0\Partition1
18:29:24.0600 2744        \Device\Harddisk0\DR0\Partition1 - ok
18:29:24.0615 2744        Boot (0x1200)  (da569e758e6ffef1528a82b6bdd44b39) \Device\Harddisk0\DR0\Partition2
18:29:24.0615 2744        \Device\Harddisk0\DR0\Partition2 - ok
18:29:24.0615 2744        ============================================================
18:29:24.0615 2744        Scan finished
18:29:24.0615 2744        ============================================================
18:29:24.0631 3224        Detected object count: 2
18:29:24.0631 3224        Actual detected object count: 2
18:29:49.0466 3224        sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:29:49.0466 3224        sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:29:49.0466 3224        sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:29:49.0466 3224        sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
lg Don Camillo

cosinus 30.07.2012 20:23
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Don_Camillo 30.07.2012 21:36
Das gewünschte Log-File:

Combofix Logfile:
Code:
ComboFix 12-07-30.01 - Markus 30.07.2012  22:22:23.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.3071.2109 [GMT 2:00]
ausgeführt von:: d:\users\Markus\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
d:\program files\xp-AntiSpy
d:\program files\xp-AntiSpy\Uninstall.exe
d:\program files\xp-AntiSpy\xp-AntiSpy.chm
d:\program files\xp-AntiSpy\xp-AntiSpy.exe
d:\program files\xp-AntiSpy\xp-AntiSpy.url
d:\users\Markus\AppData\Roaming\AcroIEHelpe.txt
d:\users\Markus\AppData\Roaming\BAcroIEHelpe172.dll
d:\users\Markus\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-28 bis 2012-07-30  ))))))))))))))))))))))))))))))
.
.
2012-07-30 20:28 . 2012-07-30 20:29        --------        d-----w-        d:\users\Markus\AppData\Local\temp
2012-07-30 20:28 . 2012-07-30 20:28        --------        d-----w-        d:\users\Sonja\AppData\Local\temp
2012-07-30 20:28 . 2012-07-30 20:28        --------        d-----w-        d:\users\Melanie\AppData\Local\temp
2012-07-30 20:28 . 2012-07-30 20:28        --------        d-----w-        d:\users\Lukas\AppData\Local\temp
2012-07-30 20:28 . 2012-07-30 20:28        --------        d-----w-        d:\users\Default\AppData\Local\temp
2012-07-28 21:20 . 2012-07-29 16:03        --------        d-----w-        D:\_OTL
2012-07-28 09:23 . 2012-06-29 08:44        6891424        ----a-w-        d:\programdata\Microsoft\Windows Defender\Definition Updates\{D872AF86-CEDC-4AF3-91A4-46A2B79A1A4B}\mpengine.dll
2012-07-26 21:45 . 2012-07-28 09:18        --------        d-----w-        d:\programdata\AVG2012
2012-07-26 21:44 . 2012-07-26 21:44        --------        d-----w-        d:\program files\AVG
2012-07-26 21:41 . 2012-07-26 21:41        --------        d--h--w-        d:\programdata\Common Files
2012-07-26 21:41 . 2012-07-27 22:01        --------        d-----w-        d:\programdata\MFAData
2012-07-25 06:03 . 2012-07-25 06:03        --------        d-----w-        d:\program files\ESET
2012-07-22 22:04 . 2012-07-22 22:04        --------        d-----w-        d:\program files\iPod
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-22 22:00 . 2012-07-22 22:00        159744        ----a-w-        d:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-07-22 22:00 . 2012-07-22 22:00        --------        d-----w-        d:\program files\QuickTime
2012-07-21 09:22 . 2012-07-21 09:23        --------        d-----w-        d:\users\Markus\AppData\Roaming\GameRanger
2012-07-20 18:09 . 2012-07-20 18:09        --------        d-----w-        d:\users\Markus\AppData\Roaming\Malwarebytes
2012-07-20 18:08 . 2012-07-20 18:10        --------        d-----w-        d:\program files\Malwarebytes' Anti-Malware
2012-07-20 18:08 . 2012-07-20 18:08        --------        d-----w-        d:\programdata\Malwarebytes
2012-07-20 18:08 . 2012-07-03 11:46        22344        ----a-w-        d:\windows\system32\drivers\mbam.sys
2012-07-11 08:26 . 2012-06-12 02:40        2345984        ----a-w-        d:\windows\system32\win32k.sys
2012-07-11 08:24 . 2012-07-11 08:24        --------        d-----w-        d:\users\Markus\AppData\Roaming\webex
2012-07-11 07:59 . 2012-07-11 07:59        --------        d-----w-        d:\programdata\WebEx
2012-07-09 10:34 . 2012-07-09 10:34        --------        d-----w-        d:\users\Markus\AppData\Local\2DBoy
2012-07-09 10:34 . 2012-07-09 10:34        --------        d-----w-        d:\programdata\2DBoy
2012-07-09 09:50 . 2012-07-09 09:50        --------        d-----w-        d:\programdata\Synetic
2012-07-09 09:02 . 2012-07-09 09:47        --------        d-----w-        d:\program files\Cobra 11 - Highway Nights
2012-07-09 09:01 . 2012-07-09 09:01        --------        d-----w-        d:\program files\WorldOfGoo
2012-07-08 14:34 . 2012-07-08 15:03        --------        d-----w-        d:\program files\GameSpy Arcade
2012-07-08 14:34 . 2012-07-08 14:34        --------        d-----w-        d:\program files\EA GAMES
2012-07-08 14:32 . 2001-09-05 02:18        77824        ----a-w-        d:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-07-03 07:18 . 2012-07-03 07:18        476936        ----a-w-        d:\windows\system32\npdeployJava1.dll
2012-07-03 07:18 . 2012-07-03 07:18        --------        d-----w-        d:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 12:53 . 2012-04-12 08:22        426184        ----a-w-        d:\windows\system32\FlashPlayerApp.exe
2012-07-27 12:53 . 2012-01-07 16:00        70344        ----a-w-        d:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 07:18 . 2012-03-25 16:03        472840        ----a-w-        d:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 10:59        53784        ----a-w-        d:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:59        45080        ----a-w-        d:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:59        35864        ----a-w-        d:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:59        577048        ----a-w-        d:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 10:59        1933848        ----a-w-        d:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 10:59        2422272        ----a-w-        d:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 10:59        88576        ----a-w-        d:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:59        171904        ----a-w-        d:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 10:59        33792        ----a-w-        d:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2012-01-06 21:53        237072        ------w-        d:\windows\system32\MpSigStub.exe
2012-05-08 16:52 . 2012-01-06 21:47        83392        ----a-w-        d:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:52 . 2012-01-06 21:47        137928        ----a-w-        d:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"iCloudServices"="d:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="d:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"HP Officejet 6600 (NET)"="d:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"NeroCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="d:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2012-06-07 421776]
.
d:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk - d:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FILSHtray.lnk - d:\program files\FILSHtray\FILSHtray.exe [2012-4-18 594432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;d:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva398;XDva398;d:\windows\system32\XDva398.sys [x]
S1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;d:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;d:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [x]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;d:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;d:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;d:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 00969412
*Deregistered* - 00969412
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-30 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:53]
.
2012-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 18:45]
.
2012-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 18:45]
.
2012-07-30 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3444524948-2078542172-2378634046-1000Core.job
- d:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 19:01]
.
2012-07-30 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3444524948-2078542172-2378634046-1000UA.job
- d:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 19:01]
.
2012-07-30 d:\windows\Tasks\HP Photo Creations Communicator.job
- d:\programdata\HP Photo Creations\MessageCheck.exe [2011-03-02 10:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - d:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - d:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\qe4no83y.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - d:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-30  22:31:57
ComboFix-quarantined-files.txt  2012-07-30 20:31
.
Vor Suchlauf: 11 Verzeichnis(se), 44.841.893.888 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 44.479.492.096 Bytes frei
.
- - End Of File - - 9B5D134759EBA235455C25F1B0095285
--- --- ---

lg Don Camillo

cosinus 31.07.2012 08:18
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Don_Camillo 31.07.2012 22:03
Das GMER Log:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-31 23:01:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250820AS rev.3.AAC
Running: xzmlcppf.exe; Driver: D:\Users\Markus\AppData\Local\Temp\pxdiypoc.sys


---- System - GMER 1.0.15 ----

SSDT            97653836                                                                                                ZwCreateSection
SSDT            97653840                                                                                                ZwRequestWaitReplyPort
SSDT            9765383B                                                                                                ZwSetContextThread
SSDT            97653845                                                                                                ZwSetSecurityObject
SSDT            9765384A                                                                                                ZwSystemDebugControl
SSDT            976537D7                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                82C4D3C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82C86D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82C8DEAC 4 Bytes  [36, 38, 65, 97] {CMP SS:[EBP-0x69], AH}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                      82C8E208 4 Bytes  JMP E801228F
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82C8E24C 4 Bytes  [3B, 38, 65, 97]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      82C8E2C8 4 Bytes  [45, 38, 65, 97] {INC EBP; CMP [EBP-0x69], AH}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      82C8E31C 4 Bytes  [4A, 38, 65, 97] {DEC EDX; CMP [EBP-0x69], AH}
.text          ...                                                                                                     
.text          D:\Windows\system32\DRIVERS\atikmdag.sys                                                                section is writeable [0x90C21000, 0x2D5378, 0xE8000020]
.text          D:\Windows\system32\DRIVERS\atksgt.sys                                                                  section is writeable [0x9FA77300, 0x3B6D8, 0xE8000020]
.text          D:\Windows\system32\DRIVERS\lirsgt.sys                                                                  section is writeable [0x9FABA300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            D:\Windows\system32\RunDll32.exe[3780] @ D:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75D2FFF6] D:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            D:\Windows\Temp\TMP0000023FB5FDEC3756FF3C1C                                                              0 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---

lg Don Camillo

Und hier das OSAM Log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:13:00 on 31.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HP Photo Creations Communicator.job" - ? - D:\ProgramData\HP Photo Creations\MessageCheck.exe  (File found, but it contains no detailed information)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - D:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - D:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3444524948-2078542172-2378634046-1000Core.job" - "Google Inc." - D:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3444524948-2078542172-2378634046-1000UA.job" - "Google Inc." - D:\Users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - D:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - D:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - D:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - D:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - D:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - D:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - D:\Users\Markus\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - D:\Windows\System32\Drivers\ElbyCDIO.sys
"lirsgt" (lirsgt) - ? - D:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - D:\Windows\system32\drivers\mbam.sys
"pxdiypoc" (pxdiypoc) - ? - D:\Users\Markus\AppData\Local\Temp\pxdiypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - D:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - D:\Windows\System32\drivers\sfhlp02.sys
"XDva398" (XDva398) - ? - D:\Windows\system32\XDva398.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - D:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "Cisco WebEx LLC" - D:\Windows\Downloaded Program Files\ieatgpc.dll / https://intercalleurope.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - D:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - D:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - D:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - D:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - D:\Windows\system32\Macromed\Flash\Flash32_11_3_300_268.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - D:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk" - "Hewlett-Packard Co." - D:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll  (Shortcut exists | File exists)
"ZooskMessenger.lnk" - ? - D:\Program Files\ZooskMessenger\ZooskMessenger.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FILSHtray.lnk" - "FILSH Media GmbH" - D:\Program Files\FILSHtray\FILSHtray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HP Officejet 6600 (NET)" - "Hewlett-Packard Co." - "D:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CP1H0WS05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
"iCloudServices" - "Apple Inc." - D:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"MobileDocuments" - "Apple Inc." - D:\Program Files\Common Files\Apple\Internet Services\ubd.exe
"TomTomHOME.exe" - "TomTom" - "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroCheck" - "Ahead Software Gmbh" - D:\Windows\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "D:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP 5D12 Status Monitor" - "Hewlett-Packard Co." - D:\Windows\system32\hpinksts5D12LM.dll
"HP Discovery Port Monitor (HP Officejet 6600)" - "Hewlett-Packard Co." - D:\Windows\system32\HPDiscoPM5D12.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - D:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - D:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - D:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - D:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - D:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - D:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - D:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - D:\Program Files\Skype\Updater\Updater.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - D:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

lg
Don Camillo

Und hier noch das Log-File von aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-31 23:16:40
-----------------------------
23:16:40.276 OS Version: Windows 6.1.7601 Service Pack 1
23:16:40.276 Number of processors: 2 586 0xF06
23:16:40.276 ComputerName: MARKUS-PC UserName: Markus
23:16:41.212 Initialize success
23:18:20.592 AVAST engine defs: 12073102
23:18:41.278 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:18:41.278 Disk 0 Vendor: ST3250820AS 3.AAC Size: 238475MB BusType: 3
23:18:41.278 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
23:18:41.278 Disk 1 Vendor: ST3250820AS 3.AAC Size: 238475MB BusType: 3
23:18:41.574 Disk 0 MBR read successfully
23:18:41.574 Disk 0 MBR scan
23:18:41.574 Disk 0 Windows 7 default MBR code
23:18:41.637 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:18:41.699 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
23:18:41.762 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 136073 MB offset 209717248
23:18:41.996 Disk 0 scanning sectors +488394752
23:18:42.557 Disk 0 scanning D:\Windows\system32\drivers
23:20:04.194 Service scanning
23:20:29.232 Modules scanning
23:21:06.438 Disk 0 trace - called modules:
23:21:06.532 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
23:21:06.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86378460]
23:21:06.547 3 CLASSPNP.SYS[8b5a759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85ec2030]
23:21:07.125 AVAST engine scan D:\Windows
23:21:14.737 AVAST engine scan D:\Windows\system32
23:40:57.059 AVAST engine scan D:\Windows\system32\drivers
23:43:44.871 AVAST engine scan D:\Users\Markus
23:54:18.220 Disk 0 MBR has been saved successfully to "D:\Users\Markus\Desktop\MBR.dat"
23:54:18.235 The log file has been saved successfully to "D:\Users\Markus\Desktop\aswMBR.txt"


lg
Don Camillo

cosinus 01.08.2012 19:51
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Don_Camillo 02.08.2012 07:34
Hier ist die Logdatei von Malwarebytes:
2012/08/01 07:54:59 +0200 MARKUS-PC Markus MESSAGE Starting protection
2012/08/01 07:55:03 +0200 MARKUS-PC Markus MESSAGE Protection started successfully
2012/08/01 07:55:06 +0200 MARKUS-PC Markus MESSAGE Starting IP protection
2012/08/01 07:55:08 +0200 MARKUS-PC Markus MESSAGE IP Protection started successfully
2012/08/01 11:11:47 +0200 MARKUS-PC Markus MESSAGE Starting protection
2012/08/01 11:11:50 +0200 MARKUS-PC Markus MESSAGE Protection started successfully
2012/08/01 11:11:53 +0200 MARKUS-PC Markus MESSAGE Starting IP protection
2012/08/01 11:11:54 +0200 MARKUS-PC Markus MESSAGE IP Protection started successfully
2012/08/01 17:12:20 +0200 MARKUS-PC Markus MESSAGE Executing scheduled update: Daily
2012/08/01 17:12:28 +0200 MARKUS-PC Markus MESSAGE Starting database refresh
2012/08/01 17:12:28 +0200 MARKUS-PC Markus MESSAGE Scheduled update executed successfully: database updated from version v2012.07.31.10 to version v2012.08.01.05
2012/08/01 17:12:28 +0200 MARKUS-PC Markus MESSAGE Stopping IP protection
2012/08/01 17:14:52 +0200 MARKUS-PC Markus MESSAGE IP Protection stopped
2012/08/01 17:14:55 +0200 MARKUS-PC Markus MESSAGE Database refreshed successfully
2012/08/01 17:14:55 +0200 MARKUS-PC Markus MESSAGE Starting IP protection
2012/08/01 17:14:56 +0200 MARKUS-PC Markus MESSAGE IP Protection started successfully
2012/08/01 22:47:42 +0200 MARKUS-PC Markus MESSAGE Starting database refresh
2012/08/01 22:47:42 +0200 MARKUS-PC Markus MESSAGE Stopping IP protection
2012/08/01 22:50:40 +0200 MARKUS-PC Markus MESSAGE IP Protection stopped
2012/08/01 22:51:26 +0200 MARKUS-PC Markus MESSAGE Database refreshed successfully
2012/08/01 22:51:26 +0200 MARKUS-PC Markus MESSAGE Starting IP protection
2012/08/01 22:51:27 +0200 MARKUS-PC Markus MESSAGE IP Protection started successfully

Der Suchlauf hat 1 infiszierte Datei gefunden: Trojan.Banker in der Kategorie Registry Key

Das zweite Log folgt...
lg Don Camillo

Und hier noch das zweite Log-File:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/02/2012 at 12:58 PM

Application Version : 5.5.1012

Core Rules Database Version : 8995
Trace Rules Database Version: 6807

Scan type      : Complete Scan
Total Scan Time : 04:14:59

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 811
Memory threats detected  : 0
Registry items scanned    : 34776
Registry threats detected : 0
File items scanned        : 379297
File threats detected    : 580

Adware.Tracking Cookie
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\ESYYRRVE.txt [ /invitemedia.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\3UAJBYL2.txt [ /ad4.adfarm1.adition.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\B74LJ7WX.txt [ /ad2.adfarm1.adition.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\LZDDCD8P.txt [ /casalemedia.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\644PR56Y.txt [ /bs.serving-sys.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\MRRFAN25.txt [ /specificclick.net ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\AC73NA72.txt [ /revsci.net ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\YGVLDGKG.txt [ /apmebf.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\UVP6ZBY0.txt [ /ad.360yield.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\WWVSHO67.txt [ /rambler.ru ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\AYDQYMXO.txt [ /ads.creative-serving.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\P3TLV07V.txt [ /ad.zanox.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\HFE1MTL4.txt [ /ad.adc-serv.net ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\3IUCLYR8.txt [ /tradedoubler.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\DD0JYVXA.txt [ /zanox.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\INYIGRYK.txt [ /fastclick.net ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\J0C0C9MY.txt [ /ad.yieldmanager.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\ECXNXN62.txt [ /lfstmedia.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\HFM4OBCY.txt [ /mediaplex.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\F05231OU.txt [ /www.googleadservices.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\0DOU0EN8.txt [ /hotlog.ru ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\UB2AKPA2.txt [ /atdmt.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\C84CPQL3.txt [ /doubleclick.net ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\IK6Q5PDH.txt [ /adbrite.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\H0HHKCVS.txt [ /serving-sys.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\FWQ6C24Z.txt [ /adfarm1.adition.com ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\SLW0322B.txt [ /adtech.de ]
        D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Cookies\XWGLQ9DD.txt [ /accounts.google.com ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF5FWUXU.txt [ Cookie:lukas@adfarm1.adition.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NTOGIF6.txt [ Cookie:lukas@tradedoubler.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\645DDCDD.txt [ Cookie:lukas@mediaplex.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\S1EJ28BK.txt [ Cookie:lukas@ad.yieldmanager.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KWYWDU8Q.txt [ Cookie:lukas@a.revenuemax.de/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\G20CRYXU.txt [ Cookie:lukas@dyntracker.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\AMEZQTW9.txt [ Cookie:lukas@fastclick.net/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4282AP1.txt [ Cookie:lukas@apmebf.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\0YHV40Z0.txt [ Cookie:lukas@eas.apm.emediate.eu/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNQZ1I30.txt [ Cookie:lukas@ad.zanox.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0ECR45E.txt [ Cookie:lukas@fl01.ct2.comclick.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5UBTL4L.txt [ Cookie:lukas@exoclick.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\37W4U1HX.txt [ Cookie:lukas@tracking.quisma.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\YELZGD17.txt [ Cookie:lukas@bs.serving-sys.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\AT1QQQ6I.txt [ Cookie:lukas@track.effiliation.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\VE9O6FL2.txt [ Cookie:lukas@ads.quartermedia.de/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHI3YN6M.txt [ Cookie:lukas@serving-sys.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\BPDHGLW8.txt [ Cookie:lukas@imrworldwide.com/cgi-bin ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDL1YKAO.txt [ Cookie:lukas@invitemedia.com/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\D206OTH8.txt [ Cookie:lukas@tns-counter.ru/ ]
        D:\USERS\LUKAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\UH26TL2W.txt [ Cookie:lukas@ad2.adfarm1.adition.com/ ]
        D:\USERS\MARKUS\Cookies\3UAJBYL2.txt [ Cookie:markus@ad4.adfarm1.adition.com/ ]
        D:\USERS\MARKUS\Cookies\644PR56Y.txt [ Cookie:markus@bs.serving-sys.com/ ]
        D:\USERS\MARKUS\Cookies\MRRFAN25.txt [ Cookie:markus@specificclick.net/ ]
        D:\USERS\MARKUS\Cookies\AC73NA72.txt [ Cookie:markus@revsci.net/ ]
        D:\USERS\MARKUS\Cookies\YGVLDGKG.txt [ Cookie:markus@apmebf.com/ ]
        D:\USERS\MARKUS\Cookies\WWVSHO67.txt [ Cookie:markus@rambler.ru/ ]
        D:\USERS\MARKUS\Cookies\3IUCLYR8.txt [ Cookie:markus@tradedoubler.com/ ]
        D:\USERS\MARKUS\Cookies\DD0JYVXA.txt [ Cookie:markus@zanox.com/ ]
        D:\USERS\MARKUS\Cookies\INYIGRYK.txt [ Cookie:markus@fastclick.net/ ]
        D:\USERS\MARKUS\Cookies\J0C0C9MY.txt [ Cookie:markus@ad.yieldmanager.com/ ]
        D:\USERS\MARKUS\Cookies\HFM4OBCY.txt [ Cookie:markus@mediaplex.com/ ]
        D:\USERS\MARKUS\Cookies\0DOU0EN8.txt [ Cookie:markus@hotlog.ru/ ]
        D:\USERS\MARKUS\Cookies\UB2AKPA2.txt [ Cookie:markus@atdmt.com/ ]
        D:\USERS\MARKUS\Cookies\IK6Q5PDH.txt [ Cookie:markus@adbrite.com/ ]
        D:\USERS\MARKUS\Cookies\H0HHKCVS.txt [ Cookie:markus@serving-sys.com/ ]
        D:\USERS\MARKUS\Cookies\FWQ6C24Z.txt [ Cookie:markus@adfarm1.adition.com/ ]
        D:\USERS\MARKUS\Cookies\SLW0322B.txt [ Cookie:markus@adtech.de/ ]
        D:\USERS\MARKUS\Cookies\XWGLQ9DD.txt [ Cookie:markus@accounts.google.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\K9IB9UYK.txt [ Cookie:melanie@fastclick.net/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\VMVL9VN1.txt [ Cookie:melanie@mediaplex.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\XJ9Z3B2A.txt [ Cookie:melanie@media6degrees.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SOM6GZRK.txt [ Cookie:melanie@adbrite.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8KHITR5.txt [ Cookie:melanie@doubleclick.net/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YNQCPQPI.txt [ Cookie:melanie@lfstmedia.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2PG9MA3.txt [ Cookie:melanie@www.netdebit-counter.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YUED963X.txt [ Cookie:melanie@adfarm1.adition.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\W38G6AYW.txt [ Cookie:melanie@dream-multimedia-tv.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ONXSP9C.txt [ Cookie:melanie@tracking.quisma.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\11W9QG5P.txt [ Cookie:melanie@www.allthemedia.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GU2V6TH.txt [ Cookie:melanie@www.googleadservices.com/pagead/conversion/1072276319/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\85HX1D3X.txt [ Cookie:melanie@ad.yieldmanager.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1NK72PF.txt [ Cookie:melanie@zanox-affiliate.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\189K31VV.txt [ Cookie:melanie@dc.tremormedia.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YNVM7GM.txt [ Cookie:melanie@adtech.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\K6HI1I0K.txt [ Cookie:melanie@webmasterplan.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP2P9JHP.txt [ Cookie:melanie@tracking.gameforge.de/track/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6LJS0DET.txt [ Cookie:melanie@ad3.adfarm1.adition.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OA6CBAJU.txt [ Cookie:melanie@ad2.adfarm1.adition.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\86RC5Q49.txt [ Cookie:melanie@revsci.net/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBF4Q8SY.txt [ Cookie:melanie@gostats.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\XAN4S83D.txt [ Cookie:melanie@mediaplex.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6AFGNAPF.txt [ Cookie:melanie@www.googleadservices.com/pagead/conversion/1047264784/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\D5K6CE1E.txt [ Cookie:melanie@kemmerzell-media.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IGG544DP.txt [ Cookie:melanie@tradedoubler.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y68XI5NJ.txt [ Cookie:melanie@zanox.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\F4VIRHID.txt [ Cookie:melanie@xiti.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPF3L5PP.txt [ Cookie:melanie@atdmt.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VUZVPTK7.txt [ Cookie:melanie@ad.dyntracker.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\H43BVKP6.txt [ Cookie:melanie@ad.adnet.de/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\A4M7DB1S.txt [ Cookie:melanie@imrworldwide.com/cgi-bin ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9F21WLEH.txt [ Cookie:melanie@serving-sys.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CS2R2AI5.txt [ Cookie:melanie@7.rotator.wigetmedia.com/ ]
        D:\USERS\MELANIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\STCRVUQT.txt [ Cookie:melanie@www.kemmerzell-media.de/ ]
        D:\USERS\MELANIE\Cookies\K9IB9UYK.txt [ Cookie:melanie@fastclick.net/ ]
        D:\USERS\MELANIE\Cookies\VMVL9VN1.txt [ Cookie:melanie@mediaplex.com/ ]
        D:\USERS\SONJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\54N5B96A.txt [ Cookie:sonja@atdmt.com/ ]
        .doubleclick.net [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        accounts.google.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        accounts.google.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas4.emediate.eu [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas4.emediate.eu [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas4.emediate.eu [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad3.adfarm1.adition.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ D:\USERS\MARKUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .2o7.net [ D:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QE4NO83Y.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ D:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QE4NO83Y.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ D:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QE4NO83Y.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ D:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QE4NO83Y.DEFAULT\COOKIES.SQLITE ]
        account.goodgamestudios.com [ C:\USERS\MARKUS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L43A746D ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ZEDO[1].TXT [ /ZEDO ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@RTS.PGMEDIASERVE[1].TXT [ /RTS.PGMEDIASERVE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@BUTLERS.TRAFFECTIVE-TRACKING[2].TXT [ /BUTLERS.TRAFFECTIVE-TRACKING ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@R1-ADS.ACE.ADVERTISING[1].TXT [ /R1-ADS.ACE.ADVERTISING ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@EXOCLICK[1].TXT [ /EXOCLICK ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@APMEBF[2].TXT [ /APMEBF ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ADVERTISING[1].TXT [ /ADVERTISING ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@RU4[2].TXT [ /RU4 ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ACCOUNTS.GOOGLE[2].TXT [ /ACCOUNTS.GOOGLE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@2O7[1].TXT [ /2O7 ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ATDMT[2].TXT [ /ATDMT ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@EAEACOM.112.2O7[1].TXT [ /EAEACOM.112.2O7 ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ADBRITE[2].TXT [ /ADBRITE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ZANOX[2].TXT [ /ZANOX ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@PARTYPOKER[2].TXT [ /PARTYPOKER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD.DYNTRACKER[1].TXT [ /AD.DYNTRACKER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ADXPOSE[1].TXT [ /ADXPOSE ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AT.ATWOLA[1].TXT [ /AT.ATWOLA ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD.ZANOX[2].TXT [ /AD.ZANOX ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@DE.PARTYPOKER[1].TXT [ /DE.PARTYPOKER ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@AD.BEEPWORLD[1].TXT [ /AD.BEEPWORLD ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MARKUS@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\MARKUS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MARKUS@PARTYPOKER[2].TXT [ /PARTYPOKER ]
        C:\USERS\MELANIE\APPDATA\LOCAL\TEMP\COOKIES\MELANIE@MICROSOFTWLLIVEMKT.112.2O7[1].TXT [ /MICROSOFTWLLIVEMKT.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\LOCAL\TEMP\COOKIES\MELANIE@ATDMT[2].TXT [ /ATDMT ]
        C:\USERS\MELANIE\APPDATA\LOCAL\TEMP\COOKIES\MELANIE@ATDMT.COMBING[2].TXT [ /ATDMT.COMBING ]
        C:\USERS\MELANIE\APPDATA\LOCAL\TEMP\COOKIES\MELANIE@ZEDO[2].TXT [ /ZEDO ]
        account.goodgamestudios.com [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        cdn.eyewonder.com [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        cdn1.static1.pornrabbit.com [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        cdn5.specificclick.net [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        media01.kyte.tv [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        www.naiadsystems.com [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        www.sexkiste.com [ C:\USERS\MELANIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGE829GS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@XITI[2].TXT [ /XITI ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADV.RTL[1].TXT [ /ADV.RTL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADXPANSION[1].TXT [ /ADXPANSION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.DYNTRACKER[1].TXT [ /AD.DYNTRACKER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.BIGTRACKER[1].TXT [ /WWW.BIGTRACKER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.TRAFFICTRACK[2].TXT [ /WWW.TRAFFICTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.KINO-ZEIT[2].TXT [ /ADSERVER.KINO-ZEIT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@HARRENMEDIANETWORK[1].TXT [ /HARRENMEDIANETWORK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.GAMEFORGE[1].TXT [ /TRACKING.GAMEFORGE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATSE.WEBTRENDSLIVE[3].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@OVERTURE[3].TXT [ /OVERTURE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ADDYNAMIX[2].TXT [ /ADS.ADDYNAMIX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.WSOD[2].TXT [ /AD.WSOD ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DELIVERY.ATKMEDIA[1].TXT [ /DELIVERY.ATKMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LFSTMEDIA[1].TXT [ /LFSTMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API15.THETRAFFICSTAT[1].TXT [ /API15.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@THETRAFFICSTAT[2].TXT [ /THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADNET[1].TXT [ /AD.ADNET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API18.THETRAFFICSTAT[2].TXT [ /API18.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.EFFILIATION[5].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.PARTY[1].TXT [ /ADS.PARTY ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@PROFILBANNER[1].TXT [ /PROFILBANNER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LUCIDMEDIA[2].TXT [ /LUCIDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.OE4[2].TXT [ /ADS.OE4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@PORNRABBIT[1].TXT [ /PORNRABBIT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADBRITE[1].TXT [ /ADBRITE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EXOCLICK[1].TXT [ /EXOCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZBOX.ZANOX[1].TXT [ /ZBOX.ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EAS4.EMEDIATE[3].TXT [ /EAS4.EMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD1.ADFARM1.ADITION[3].TXT [ /AD1.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@COLLECTIVE-MEDIA[3].TXT [ /COLLECTIVE-MEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATS.LINX[1].TXT [ /STATS.LINX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MICROSOFTINTERNETEXPLORER.112.2O7[1].TXT [ /MICROSOFTINTERNETEXPLORER.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@FASTCLICK[1].TXT [ /FASTCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WEBMASTERPLAN[3].TXT [ /WEBMASTERPLAN ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API25.THETRAFFICSTAT[2].TXT [ /API25.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EAS.APM.EMEDIATE[1].TXT [ /EAS.APM.EMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@REALMEDIA[2].TXT [ /REALMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADXPOSE[1].TXT [ /ADXPOSE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@REVSCI[1].TXT [ /REVSCI ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZANOX[2].TXT [ /ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.GLISPA[2].TXT [ /ADS.GLISPA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.NETDEBIT-COUNTER[2].TXT [ /WWW.NETDEBIT-COUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ATDMT[3].TXT [ /ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@GOODADVERT[1].TXT [ /GOODADVERT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@BURSTNET[2].TXT [ /BURSTNET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EHG-NOKIAFIN.HITBOX[1].TXT [ /EHG-NOKIAFIN.HITBOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STUDIVZ.ADFARM1.ADITION[1].TXT [ /STUDIVZ.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ATWOLA[1].TXT [ /ATWOLA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SEXKISTE[1].TXT [ /SEXKISTE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.AUDXCH[1].TXT [ /ADS.AUDXCH ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DE.LIKE.FAKEACCOUNT[2].TXT [ /DE.LIKE.FAKEACCOUNT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@M1.WEBSTATS.MOTIGO[2].TXT [ /M1.WEBSTATS.MOTIGO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AZJMP[3].TXT [ /AZJMP ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.QUARTERMEDIA[2].TXT [ /ADS.QUARTERMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MICROSOFTSTO.112.2O7[1].TXT [ /MICROSOFTSTO.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADTECH[3].TXT [ /ADTECH ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.EASYAD[1].TXT [ /ADS.EASYAD ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.INTRO[1].TXT [ /ADSERVER.INTRO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADC-SERV[3].TXT [ /AD.ADC-SERV ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@INADSERVE[1].TXT [ /INADSERVE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.PORNRABBIT[1].TXT [ /WWW.PORNRABBIT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZEDO[2].TXT [ /ZEDO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SMILEYCENTRAL[3].TXT [ /SMILEYCENTRAL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API16.THETRAFFICSTAT[1].TXT [ /API16.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@NETWORLDMEDIA[1].TXT [ /NETWORLDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATCOUNTER[3].TXT [ /STATCOUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SERVER.LON.LIVEPERSON[3].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD1.ADFARM.ADTELLIGENCE[1].TXT [ /AD1.ADFARM.ADTELLIGENCE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.NETWORLDMEDIA[1].TXT [ /ADS.NETWORLDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EYEWONDER[2].TXT [ /EYEWONDER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ROTATOR.ADJUGGLER[1].TXT [ /ROTATOR.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@HOTLOG[1].TXT [ /HOTLOG ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIAEVENT[1].TXT [ /MEDIAEVENT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADCENTRICONLINE[1].TXT [ /ADCENTRICONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EDSA.122.2O7[1].TXT [ /EDSA.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@YADRO[3].TXT [ /YADRO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@KOMTRACK[2].TXT [ /KOMTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@METROLEAP.ROTATOR.HADJ7.ADJUGGLER[2].TXT [ /METROLEAP.ROTATOR.HADJ7.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.ETRACKER[3].TXT [ /WWW.ETRACKER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TNS-COUNTER[1].TXT [ /TNS-COUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD3.ADFARM1.ADITION[3].TXT [ /AD3.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADTECH[2].TXT [ /ADTECH ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SONYERICSSON.112.2O7[1].TXT [ /SONYERICSSON.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CLICKSOR[2].TXT [ /CLICKSOR ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ADK2[3].TXT [ /ADS.ADK2 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TOPLIST[1].TXT [ /TOPLIST ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIA.PHOTOBUCKET[1].TXT [ /MEDIA.PHOTOBUCKET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.BAUERVERLAG[1].TXT [ /AD.BAUERVERLAG ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AIRFRANCE.BANNERFACTORY[2].TXT [ /AIRFRANCE.BANNERFACTORY ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@BWINCOM.122.2O7[1].TXT [ /BWINCOM.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIA6DEGREES[3].TXT [ /MEDIA6DEGREES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.CTASNET[1].TXT [ /ADS.CTASNET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ICE.112.2O7[1].TXT [ /ICE.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.OE4[3].TXT [ /ADS.OE4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ACCOUNTS.GOOGLE[1].TXT [ /ACCOUNTS.GOOGLE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADSERVER01[1].TXT [ /AD.ADSERVER01 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADX.CHIP[2].TXT [ /ADX.CHIP ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.9FLATS[2].TXT [ /TRACKING.9FLATS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@GOTACHA.ROTATOR.HADJ7.ADJUGGLER[3].TXT [ /GOTACHA.ROTATOR.HADJ7.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.ADREACTOR[2].TXT [ /ADSERVER.ADREACTOR ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.LEADBOLT[1].TXT [ /AD.LEADBOLT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@RU4[1].TXT [ /RU4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.WEBTREKK[2].TXT [ /TRACK.WEBTREKK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.USENEXT[1].TXT [ /WWW.USENEXT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SECMEDIA[1].TXT [ /SECMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TACODA[2].TXT [ /TACODA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@RU4[2].TXT [ /RU4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@XM.XTENDMEDIA[3].TXT [ /XM.XTENDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EHG-UPCCHELLOMEDIA.HITBOX[2].TXT [ /EHG-UPCCHELLOMEDIA.HITBOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@A6.ADSERVER01[2].TXT [ /A6.ADSERVER01 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TIMESOFINDIA.FEEDSPORTAL[1].TXT [ /TIMESOFINDIA.FEEDSPORTAL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ACCOUNT.FROGSTER-ONLINE[1].TXT [ /ACCOUNT.FROGSTER-ONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS2.ONTECNIA[1].TXT [ /ADS2.ONTECNIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.GAMEFORGE[2].TXT [ /TRACKING.GAMEFORGE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIAMARKT[1].TXT [ /MEDIAMARKT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@FAME-SOUNDTRACK[2].TXT [ /FAME-SOUNDTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRIBALFUSION[3].TXT [ /TRIBALFUSION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WW251.SMARTADSERVER[2].TXT [ /WW251.SMARTADSERVER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.ADTECHUS[2].TXT [ /ADSERVER.ADTECHUS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LYRICFIND.ROTATOR.HADJ7.ADJUGGLER[2].TXT [ /LYRICFIND.ROTATOR.HADJ7.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.OE4[1].TXT [ /ADS.OE4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@UNITYMEDIA[3].TXT [ /UNITYMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EHG-REED.HITBOX[2].TXT [ /EHG-REED.HITBOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@VIDEOEGG.ADBUREAU[2].TXT [ /VIDEOEGG.ADBUREAU ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API20.THETRAFFICSTAT[1].TXT [ /API20.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@APMEBF[3].TXT [ /APMEBF ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@OVERTURE[2].TXT [ /OVERTURE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API10.THETRAFFICSTAT[2].TXT [ /API10.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@A2.ADSERVER01[1].TXT [ /A2.ADSERVER01 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@BLUESTREAK[1].TXT [ /BLUESTREAK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SERVER.LON.LIVEPERSON[1].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSRV1.ADMEDIATE[2].TXT [ /ADSRV1.ADMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADFORM[1].TXT [ /ADFORM ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADJUGGLER[1].TXT [ /ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CHITIKA[1].TXT [ /CHITIKA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@XITI[1].TXT [ /XITI ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@COUNT.BRAT-ONLINE[2].TXT [ /COUNT.BRAT-ONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API6.THETRAFFICSTAT[2].TXT [ /API6.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LIVEPERSON[3].TXT [ /LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@EYEWONDER[3].TXT [ /EYEWONDER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.USENEXT[2].TXT [ /WWW.USENEXT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SOCIALMEDIA[1].TXT [ /SOCIALMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@VITAMINE.NETWORLDMEDIA[1].TXT [ /VITAMINE.NETWORLDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.AD4GAME[1].TXT [ /ADS.AD4GAME ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@KONTERA[1].TXT [ /KONTERA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.ADREACTOR[1].TXT [ /ADSERVER.ADREACTOR ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.360YIELD[2].TXT [ /AD.360YIELD ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADVERTISING.SUPERWEB[2].TXT [ /ADVERTISING.SUPERWEB ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.PREIS[1].TXT [ /AD.PREIS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GOOGLEADSERVICES[5].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIA.CONTEXTWEB[1].TXT [ /MEDIA.CONTEXTWEB ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ADGO-ONLINE[1].TXT [ /ADS.ADGO-ONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SNAPFISH.112.2O7[1].TXT [ /SNAPFISH.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LFSTMEDIA[3].TXT [ /LFSTMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.LINGUEE[1].TXT [ /ADS.LINGUEE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@C.ATDMT[2].TXT [ /C.ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADITION[2].TXT [ /AD.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.SEXKISTE[2].TXT [ /WWW.SEXKISTE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ZANOX[3].TXT [ /AD.ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@YADRO[2].TXT [ /YADRO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADECN[1].TXT [ /ADECN ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIALAND[1].TXT [ /MEDIALAND ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@HIMEDIA.INDIVIDUAD[1].TXT [ /HIMEDIA.INDIVIDUAD ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATCOUNTER[1].TXT [ /STATCOUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRAFFICMP[2].TXT [ /TRAFFICMP ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@LIVEPERSON[1].TXT [ /LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.MINDSHARE[1].TXT [ /TRACKING.MINDSHARE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@USENEXT[1].TXT [ /USENEXT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.OE24[1].TXT [ /TRACKING.OE24 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SMILEYCENTRAL[1].TXT [ /SMILEYCENTRAL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADSERVER01[2].TXT [ /AD.ADSERVER01 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.OE4[4].TXT [ /ADS.OE4 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AUSTRIANAIRLINES.122.2O7[1].TXT [ /AUSTRIANAIRLINES.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@2O7[3].TXT [ /2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GRATIS-COUNTER[1].TXT [ /WWW.GRATIS-COUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.MATCHCRAFT[1].TXT [ /ADSERVER.MATCHCRAFT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@USER.LUCIDMEDIA[1].TXT [ /USER.LUCIDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSRV.ADMEDIATE[3].TXT [ /ADSRV.ADMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AZJMP[1].TXT [ /AZJMP ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MYWEBSEARCH[2].TXT [ /MYWEBSEARCH ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@COUNTOMAT[1].TXT [ /COUNTOMAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MICROSOFTWLLIVEMKT.112.2O7[1].TXT [ /MICROSOFTWLLIVEMKT.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@247REALMEDIA[1].TXT [ /247REALMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.NYX[1].TXT [ /ADSERVER.NYX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@XM.XTENDMEDIA[1].TXT [ /XM.XTENDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.ADULTREVADS[1].TXT [ /WWW.ADULTREVADS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADOPM[2].TXT [ /AD.ADOPM ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DE.LIKE.FAKEACCOUNT[1].TXT [ /DE.LIKE.FAKEACCOUNT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACKING.MLSAT02[2].TXT [ /TRACKING.MLSAT02 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SERVER.LON.LIVEPERSON[4].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AXELSPRINGER.122.2O7[1].TXT [ /AXELSPRINGER.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.BEEPWORLD[1].TXT [ /AD.BEEPWORLD ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SALES.LIVEPERSON[2].TXT [ /SALES.LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ATDMT[2].TXT [ /ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@2O7[2].TXT [ /2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.FAME-SOUNDTRACK[1].TXT [ /WWW.FAME-SOUNDTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.NETLOG[1].TXT [ /ADS.NETLOG ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.NETDEBIT-COUNTER[1].TXT [ /WWW.NETDEBIT-COUNTER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.GRIDLOCKPARADISE[1].TXT [ /TRACK.GRIDLOCKPARADISE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRACK.EFFILIATION[2].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SPYLOG[2].TXT [ /SPYLOG ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@HITBOX[1].TXT [ /HITBOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ROTATOR.ADJUGGLER[2].TXT [ /ROTATOR.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@VINVEST.122.2O7[1].TXT [ /VINVEST.122.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSRV.ADMEDIATE[1].TXT [ /ADSRV.ADMEDIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API19.THETRAFFICSTAT[1].TXT [ /API19.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADVIVA[2].TXT [ /ADVIVA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SMARTADSERVER[3].TXT [ /SMARTADSERVER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MYROITRACKING[2].TXT [ /MYROITRACKING ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ETELEON[2].TXT [ /ADS.ETELEON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API21.THETRAFFICSTAT[2].TXT [ /API21.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API22.THETRAFFICSTAT[2].TXT [ /API22.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CDN5.SPECIFICCLICK[1].TXT [ /CDN5.SPECIFICCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.247ACTIVEMEDIA[2].TXT [ /ADS.247ACTIVEMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ADK2[1].TXT [ /ADS.ADK2 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@FASTCLICK[2].TXT [ /FASTCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CDN4.SPECIFICCLICK[2].TXT [ /CDN4.SPECIFICCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SALES.LIVEPERSON[3].TXT [ /SALES.LIVEPERSON ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@CONTENT.YIELDMANAGER[5].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.GLISPA[3].TXT [ /ADS.GLISPA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ZANOX[1].TXT [ /ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@REVSCI[2].TXT [ /REVSCI ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADBRITE[2].TXT [ /ADBRITE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@4STATS[2].TXT [ /4STATS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@WWW.GOOGLEADSERVICES[4].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MSNACCOUNTSERVICES.112.2O7[1].TXT [ /MSNACCOUNTSERVICES.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADC-SERV[2].TXT [ /AD.ADC-SERV ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@AD.ADNET[2].TXT [ /AD.ADNET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@VITAMINE.NETWORLDMEDIA[2].TXT [ /VITAMINE.NETWORLDMEDIA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@IMRWORLDWIDE[3].TXT [ /IMRWORLDWIDE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@API26.THETRAFFICSTAT[1].TXT [ /API26.THETRAFFICSTAT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MYLYRICSFINDER[2].TXT [ /MYLYRICSFINDER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADVERTISING[2].TXT [ /ADVERTISING ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADVERTISER.CONTEXTMATTERS[1].TXT [ /ADVERTISER.CONTEXTMATTERS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@GOSTATS[1].TXT [ /GOSTATS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@MM.CHITIKA[1].TXT [ /MM.CHITIKA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@UK.AT.ATWOLA[1].TXT [ /UK.AT.ATWOLA ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@POINTROLL[2].TXT [ /POINTROLL ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ACCOUNT.LIVE[2].TXT [ /ACCOUNT.LIVE ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADSERVER.S-NETWORK[1].TXT [ /ADSERVER.S-NETWORK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@ADS.ECHONET[1].TXT [ /ADS.ECHONET ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@GOTACHA.ROTATOR.HADJ7.ADJUGGLER[1].TXT [ /GOTACHA.ROTATOR.HADJ7.ADJUGGLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MELANIE@STATS.CSITES[2].TXT [ /STATS.CSITES ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ATDMT.COMBING[4].TXT [ /ATDMT.COMBING ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@BS.SERVING-SYS[3].TXT [ /BS.SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ZEDO[2].TXT [ /ZEDO ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ATDMT[1].TXT [ /ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@SERVING-SYS[4].TXT [ /SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ATDMT.COMBING[3].TXT [ /ATDMT.COMBING ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@APMEBF[2].TXT [ /APMEBF ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@SERVING-SYS[3].TXT [ /SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@C.ATDMT[2].TXT [ /C.ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ATDMT[2].TXT [ /ATDMT ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\USERS\MELANIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MELANIE@ATDMT.COMBING[2].TXT [ /ATDMT.COMBING ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@BLUESTREAK[1].TXT [ /BLUESTREAK ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@UNITYMEDIA[1].TXT [ /UNITYMEDIA ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@AD.ZANOX[2].TXT [ /AD.ZANOX ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@EDSA.122.2O7[1].TXT [ /EDSA.122.2O7 ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ATDMT[1].TXT [ /ATDMT ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@EHG-UPCCHELLOMEDIA.HITBOX[2].TXT [ /EHG-UPCCHELLOMEDIA.HITBOX ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TIMESOFINDIA.FEEDSPORTAL[1].TXT [ /TIMESOFINDIA.FEEDSPORTAL ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ADFORM[1].TXT [ /ADFORM ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ZANOX[1].TXT [ /ZANOX ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ZEDO[2].TXT [ /ZEDO ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@HITBOX[1].TXT [ /HITBOX ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@SECMEDIA[1].TXT [ /SECMEDIA ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SONJA@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        C:\USERS\SONJA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SONJA@EAEACOM.112.2O7[1].TXT [ /EAEACOM.112.2O7 ]

Adware.Rogue-Installer
        D:\USERS\MARKUS\FAVORITES\MARKUS\MGV\HQTUBE.URL

Trojan.Agent/Gen-OnlineGames[Wilao]
        E:\DOKUMENTE\HEROLD-CD\MKCDLIZENZ.EXE
lg Don Camillo

cosinus 03.08.2012 09:15
Sry das ist ja nun wirklich nicht das MBAM Log was ich sehen wollte :pfeiff:


Code:
Adware.Rogue-Installer
        D:\USERS\MARKUS\FAVORITES\MARKUS\MGV\HQTUBE.URL

Trojan.Agent/Gen-OnlineGames[Wilao]
        E:\DOKUMENTE\HEROLD-CD\MKCDLIZENZ.EXE
Die Dateien sind dir bekannt?

Don_Camillo 03.08.2012 09:47
Ja sind mir bekannt. D ist ein Link zu einer Webseite und E ist die Exe-Datei eines von mir oft verwendeten Programms.

lg Don Camillo

cosinus 03.08.2012 18:49
Und was ist mit dem angeforderten Vollscan als Kontrolle von Malwarebytes?

Don_Camillo 04.08.2012 08:11
Hier ist das gewünschte Log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Markus :: MARKUS-PC [Administrator]

Schutz: Aktiviert

03.08.2012 21:56:09
mbam-log-2012-08-04 (09-08-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|Q:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 648799
Laufzeit: 3 Stunde(n), 33 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\_OTL\MovedFiles\07282012_232032\D_Users\Markus\AppData\Roaming\AcroIEHelpe172.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\_OTL\MovedFiles\07282012_232032\D_Users\Markus\AppData\Roaming\09001.064\components\AcroFF064.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\_OTL\MovedFiles\07282012_232032\D_Users\Markus\AppData\Roaming\09001.065\components\AcroFF065.dll (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
lg Don Camillo

cosinus 04.08.2012 14:19
Ok, das sind nur isolierte Schädlinge, allerdings waren das Bankingtrojaner - macht ihr OnlineBanking mit diesem Rechner oder habt ihr es gemacht?

Don_Camillo 04.08.2012 15:28
Mit dem Rechner wird Online-Banking gemacht. Muss ich mir jetzt Sorgen machen?

lg Don Camillo

cosinus 04.08.2012 18:41
Ähm ja...sry das ich das jetzt erst sage
Weiterhin OnlineBanking zu betreiben ist ein Risiko, denn es gibt keine Garantie, dass der Bankingtrojaner komplett weg ist auch wenn die Logs alle nun ok sind. Banking auf eigenes Risiko oder ihr lasst es sein, zumindest unter Windows und macht Banking nur noch unter Linux - entweder parallel installiert oder per Live-Session hiermit => Sicheres Online-Banking mit Bankix | c't


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:25 Uhr.
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131