Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Polizei-Virus Österreich (https://www.trojaner-board.de/120718-polizei-virus-osterreich.html)

ph1979 29.07.2012 16:36

Polizei-Virus Österreich
 
Hallo,

habe mir den sog. "Polizei-Virus" (AT-Version) eingefangen und bitte um Hilfe bei der Beseitigung der schädlichen Software.

Habe mit Malwarebytes Anti-Malware wie beschrieben eine vollstädnigen Scan durchgeführt und anschließend lt. Anweisung einen System-Scan mit OTL durchgeführt. (2 Logfiles sind angehängt)

Hier das Ergebnis von Malwarebaytes:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.11

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

Schutz: Deaktiviert

26.07.2012 12:37:08
mbam-log-2012-07-26 (12-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1347617
Laufzeit: 3 Stunde(n), 47 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Peter\AppData\Local\Temp\rty0_7z.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Herzliche Grüße

Peter

cosinus 30.07.2012 14:32

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

ph1979 30.07.2012 14:58

Nein, ich habe in der Vergangenheit noch nie mit Malwarebytes gescannt.

cosinus 30.07.2012 19:35

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.

ph1979 31.07.2012 08:07

Hallo Arne,

habe nun ESET ausgeführt. Noch ein Hinweis: Ich habe alle bisherigen Aktion im abgesicherten Modus ausgeführt.

Hier der Inhalt der log.txt nach dem Scan mit ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b10680bfa971ed4e809f39ab040126e7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 02:20:05
# local_time=2012-07-31 04:20:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 3743424 3743424 0 0
# compatibility_mode=5893 16776574 100 94 34831260 95306379 0 0
# compatibility_mode=8192 67108863 100 0 200 200 0 0
# scanned=1392807
# found=21
# cleaned=0
# scan_time=24675
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TV55X907\main[1].htm JS/Kryptik.SN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7f3b5be2-4fdd6b19 Java/Exploit.CVE-2012-0507.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\26adc39.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Peter\Downloads\Nero_BackItUpAndBurn-1.2.17b.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Peter\Lokale Einstellungen\Temp\NERO02000121\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I

cosinus 31.07.2012 11:17

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

ph1979 31.07.2012 11:50

Hier der Inhalt der Logdatei von AdwCleaner:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 12:48:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Peter\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Peter\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Peter\AppData\Roaming\pdfforge
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\pdfforge Toolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
[x64] Key Found : HKCU\Software\AppDataLow\Software\pdfforge
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\pdfforge
[x64] Key Found : HKCU\Software\Search Settings

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (de)

Profile name : default
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\rzbgw212.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2955 octets] - [31/07/2012 12:48:50]

########## EOF - C:\AdwCleaner[R1].txt - [3083 octets] ##########


Gruß,
Peter

cosinus 31.07.2012 13:42

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

ph1979 31.07.2012 17:55

Hier der Inhalt der Logdatei:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:45:30
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Peter\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Peter\AppData\Roaming\pdfforge
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (de)

Profile name : default
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\rzbgw212.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3070 octets] - [31/07/2012 12:48:50]
AdwCleaner[S1].txt - [2481 octets] - [31/07/2012 17:45:30]

########## EOF - C:\AdwCleaner[S1].txt - [2609 octets] ##########

Gruß,
Peter

cosinus 01.08.2012 16:25

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

ph1979 01.08.2012 17:36

ad1) Auf den ersten Anschein schaut es danach aus, als ob Windows wieder normal läuft. Habe auch ein paar Programme testhalber gestartet (Outlook, Word, u.ä.) scheint alles zu funktionieren.
ad2) Im Startmenü scheint alles vorhanden zu sein. Unter alle Programme sind keine leeren Ordner vorhanden. --> Müsste also alles vorhanden sein.

Gruß,
Peter

cosinus 02.08.2012 14:28

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ph1979 02.08.2012 16:31

Anbei das Logfile:

OTL Logfile:
Code:

OTL logfile created on: 02.08.2012 15:50:56 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Peter\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,19% Memory free
15,98 Gb Paging File | 13,71 Gb Available in Paging File | 85,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,44 Gb Total Space | 620,20 Gb Free Space | 67,67% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,32 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Drive L: | 335,27 Gb Total Space | 70,37 Gb Free Space | 20,99% Space Free | Partition Type: FAT32
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll ()
MOD - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RoxLiveShare10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (Cyberlink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.at/hxxp://www.tibs.at/ [binary data]
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.schule.at/
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 F4 96 8D B3 52 CB 01  [binary data]
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\..\SearchScopes,DefaultScope = {D5CC1CE2-FCD9-4976-A7E9-A20AF4D3A046}
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\..\SearchScopes\{6E642548-D1E6-4150-BCCD-74D8ACAE2374}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\..\SearchScopes\{D5CC1CE2-FCD9-4976-A7E9-A20AF4D3A046}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-424294854-814867122-1165020317-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "https://portal.tirol.gv.at/login.show?cid=1&cmd=start"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012.06.17 13:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.06.17 13:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.01 18:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.20 13:29:50 | 000,000,000 | ---D | M]
 
[2010.09.12 22:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2012.08.01 18:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\rzbgw212.default\extensions
[2012.03.05 14:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 13:51:54 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.1.1102\7.1.1102\FIREFOXEXTENSION
[2012.01.16 18:36:38 | 000,089,806 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\EXTENSIONS\{1156EFC8-E9C8-495B-BB8E-63FF5EA5E4F5}.XPI
[2012.07.03 11:44:08 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.08.01 18:44:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.24 15:21:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.01 18:44:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.01 18:44:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.01 18:44:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.01 18:44:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.01 18:44:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.01 18:44:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Peter\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-424294854-814867122-1165020317-1001..\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O4 - HKU\S-1-5-21-424294854-814867122-1165020317-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-424294854-814867122-1165020317-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-424294854-814867122-1165020317-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-424294854-814867122-1165020317-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-424294854-814867122-1165020317-1001\..Trusted Domains: transhimalaya-tours.at ([www.beta] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D11C6D3E-EB69-429D-8C0D-AFBF8D24C226}: NameServer = 195.3.96.67,213.33.98.136
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\windows\setup.exe .\windows
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {1FF69E3D-3197-6117-7D5A-223B0BF4BFFB} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {37470525-88FB-EEB5-F82E-18233F9A2BB0} - Internet Explorer
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5DABD1FB-7123-EB72-77BD-C7498F92DC93} - Java (Sun)
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BDCE67CD-83FE-6AB5-DA76-24DD598C64A4} - Microsoft Windows Media Player
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CB0DCC9E-051E-8315-8EC3-1C05C7F0B58E} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 15:49:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012.08.01 18:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.01 18:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.01 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
[2012.07.30 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.26 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2012.07.26 12:33:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.26 12:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.26 12:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Schwangerschaft
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 15:49:26 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012.08.02 15:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 15:36:05 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 15:36:05 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 15:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 15:28:41 | 2140,516,351 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 11:23:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001UA.job
[2012.08.02 00:37:31 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001Core.job
[2012.07.31 12:48:20 | 000,632,049 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner.exe
[2012.07.26 12:33:19 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.26 00:06:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.12 21:07:42 | 000,002,401 | ---- | M] () -- C:\Users\Peter\Desktop\Google Chrome.lnk
[2012.07.12 20:46:00 | 000,665,670 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.12 20:46:00 | 000,627,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.12 20:46:00 | 000,133,882 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.12 20:46:00 | 000,110,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 20:45:58 | 001,530,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.12 10:12:51 | 000,529,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.31 12:48:20 | 000,632,049 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner.exe
[2012.07.26 12:33:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.25 10:14:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.01.16 16:15:05 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.01.16 16:14:58 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.01.16 16:14:58 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.01.16 11:36:32 | 000,014,435 | ---- | C] () -- C:\Users\Peter\.recently-used.xbel
[2011.03.22 18:56:38 | 000,022,223 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.03.22 18:42:10 | 000,021,852 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.03.22 18:38:16 | 000,021,856 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.12 21:31:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.01.16 17:37:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\A-Trust GmbH
[2011.06.27 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Amazon
[2011.03.09 17:17:04 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Autodesk
[2012.04.20 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2010.12.13 23:45:39 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GetRightToGo
[2012.01.16 11:36:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2011.01.05 16:40:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IrfanView
[2012.02.23 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++
[2011.11.19 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TeamViewer
[2012.04.05 09:22:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.16 17:37:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\A-Trust GmbH
[2011.02.24 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Adobe
[2011.06.27 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Amazon
[2012.06.09 14:07:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Apple Computer
[2011.02.21 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ATI
[2011.03.09 17:17:04 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Autodesk
[2012.04.20 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2010.12.13 23:45:39 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GetRightToGo
[2011.12.14 19:27:12 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Google
[2012.01.16 11:36:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2010.09.13 19:45:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Identities
[2011.01.05 16:40:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IrfanView
[2010.09.13 20:29:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Macromedia
[2012.07.26 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Media Center Programs
[2012.02.20 12:22:34 | 000,000,000 | --SD | M] -- C:\Users\Peter\AppData\Roaming\Microsoft
[2010.09.12 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mozilla
[2012.02.23 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++
[2011.09.23 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Roxio
[2011.05.10 23:04:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Roxio Log Files
[2011.11.19 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TeamViewer
 
< %APPDATA%\*.exe /s >
[2011.05.10 23:07:54 | 000,010,134 | R--- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{02AD9D20-03D2-4DE0-8793-E8253026AD86}\ARPPRODUCTICON.exe
[2011.05.10 23:06:41 | 000,010,134 | R--- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
[2010.09.12 22:38:42 | 000,010,134 | R--- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2010.09.12 22:38:42 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_eee87d92\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.05.22 23:09:59 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006.11.02 14:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.05.22 23:09:59 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.05.22 23:09:59 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_2e70e17b\atapi.sys
[2009.05.22 23:09:59 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows.old\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.09.28 10:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Drivers\storage\R200390\IaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows.old\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.09.28 10:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2008.09.28 10:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_cb9ee48f\iaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastor.inf_a4e884f0\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows.old\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows.old\Windows\System32\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

[/code]

cosinus 03.08.2012 15:32

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\windows\setup.exe .\windows
:Files
C:\ProgramData\*.pad
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\PDFCreator\Toolbar
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
C:\Windows.old\Users\Peter\AppData\Local\Temp
C:\Windows.old\Users\Peter\Downloads\Nero_BackItUpAndBurn-1.2.17b.exe
C:\Windows.old\Users\Peter\Lokale Einstellungen\Temp
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ph1979 04.08.2012 12:06

Hier das Logfile nach dem OTL-Fix:
Code:

All processes killed
========== OTL ==========
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5805d52-be9b-11df-9402-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5805d52-be9b-11df-9402-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5805d52-be9b-11df-9402-806e6f6e6963}\ not found.
File E:\.\windows\setup.exe .\windows not found.
========== FILES ==========
C:\ProgramData\z7_0ytr.pad moved successfully.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Program Files (x86)\PDFCreator\Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WUIRLBU8 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFNFNJXI folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WALFOCV9 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VLVSABVP folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UA3Y5U19 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TV55X907 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T0PGFNV0 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SVEVCVSF folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SKX921AA folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QLVHARPT folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NU1VBQUE folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEWNIOID folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KPD0004H folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KKUZHG1F folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JN2FCPI4 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HINK5RVY folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HDZYK6V3 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GKX558VT folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G4PU226H folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EY4A4F7W folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ETSOO82G folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9WNAJWVK folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9JVS0VSS folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\64NQDE9A folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5K1WCEZZ folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IFB5SP7 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3O76PVP1 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3J019SG7 folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HHMIW1U folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0Z67ZA9T folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\03KKVPUH folder moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\~nsu.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{de85e68b-6394-4821-ac45-81c062cf750d} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{D5878294-C113-43c5-A24F-FC333C52015A} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{CF5C7154-98F4-4D44-A58C-8BC19751CCCC}_927 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{CF5C7154-98F4-4D44-A58C-8BC19751CCCC}_745 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{CF5C7154-98F4-4D44-A58C-8BC19751CCCC}_710 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{c677818c-1e0b-4ca0-aa0c-9b1c495c56ff} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\{7b84793c-29c3-4e36-83cd-d957083e3c1b} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\WuaDiagnostics folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\webupdate\Content folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\webupdate folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\VBE folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5\S7CI3T9N folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5\NA3IY4J7 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ECZGMNP0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5\7RVVSVTK folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temp1_documentation-2.3.3-pdf.zip folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temp1_51_dc[1].zip folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Temp1_212-dc[1].zip folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\TCD5D2.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\TCD38DF.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\TCD2A02.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\PXDF75.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Outlook-Protokoll folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\outlook logging folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NSU_206db44831e7437717dba0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\nro.log\log folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\nro.log folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Remote Data Store\352014042692793-mtp\Files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Remote Data Store\352014042692793-mtp\DataBase folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Remote Data Store\352014042692793-mtp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Remote Data Store folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Ovi Suite Thumbnail Cache folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Ovi Share Cache\p.haupt folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Ovi Share Cache folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager\vcredist2008sp1x86 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager\pc-connectivity-solution folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager\nokia-music-euphoria folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager\n-cable-driver folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager\mplatform24 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Nseries Update Manager folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Nokia Communication Centre - Messages folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NGLATempNokia folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_windows-installer-3.1 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_vcredist-x86-2005_KB973544 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_NeroProductPatcher_85531 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_msxml-4 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_lightscribe folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_imagxpress-7.0.74.0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_dotnet-3.0-x86 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_dotnet-3.0-x64 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_directx-9c-redist-d3dx9-30 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_tpi_directx-9c-redist folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_75 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_69 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_68 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_67 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_66 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_65 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_64 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_63 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_62 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_61 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_6 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_57 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_50 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_4 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_30 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_22 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_21 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_20 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_19 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_17 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_16 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_15 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_14 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_13 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_12 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441\unit_app_10 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO1005441 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\rescueagent\program files\Nero\Nero BackItUp & Burn\Nero RescueAgent folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\rescueagent\program files\Nero\Nero BackItUp & Burn folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\rescueagent\program files\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\rescueagent\program files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\rescueagent folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{F7788C70-253F-42BE-9853-59D90A0CE4C6} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{C597C3FC-2110-451E-832E-9352964E56F9} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{a0f7f2eb-ed14-4351-a30e-ef802db4b38f} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{8D7309F4-C4B6-4408-8DA9-D3B0E7987822} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{6BD3444F-03E6-4E21-BAD0-50E6A5820433} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{5CCCB5E2-D83C-42AD-B8BA-6C073D804247} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{2AE04573-CA1C-46BC-8430-E226B823BB8C} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{22aa129a-8e5d-45ae-a3e4-d110703ef141} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{0BAA2166-9896-491F-B078-56AF98EC7051} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites\{074EE22F-2485-4FED-83D1-AAC36C3D9ED0} folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\ISSetupPrerequisites folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\SMC\plug-ins folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\SMC folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\SecurDisc folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\PTT folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\OnlineServices folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\NScCoreComponents folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\NFD folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.NeDiscRecog folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.NeDiscManager folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.HttpManager folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.DiscNavVcd folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.DiscNavDvd folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.DiscNavBD folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.BDThumbnail folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\Nero.BDGraphic folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express\AudioPluginMgr folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn\Nero Express folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero\Nero BackItUp & Burn folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\program files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\PushMarketingFeeds folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\NOSWebConfig\YouTube folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\NOSWebConfig\MySpace folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\NOSWebConfig\MyNero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\NOSWebConfig folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices\MetaData folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero\OnlineServices folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\CommonAppData folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\Common\Nero\SMC folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\Common\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express\Common folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\express folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\CommonAppData\Nero\OnlineServices folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\CommonAppData\Nero\Nero Container folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\CommonAppData\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\CommonAppData folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\Common\Nero\AdvrCntr4 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\Common\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\Common folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\burnrights\program files\Nero\Nero BackItUp & Burn\Nero BurnRights folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\burnrights\program files\Nero\Nero BackItUp & Burn folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\burnrights\program files\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\burnrights\program files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\burnrights folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\System32 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\zh-TW folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\zh-CN folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\vc_x86\Microsoft.VC80.MFC folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\vc_x86\Microsoft.VC80.CRT folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\vc_x86 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\tr-TR folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\th-TH folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\sv-SE folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\ru-RU folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\pt-BR folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\pl-PL folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\nl-NL folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NeroAPIFiles folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NCBUI folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\nb-NO folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\ko-KR folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\ja-JP folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\it-IT folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\hu-HU folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\fr-FR folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\fi-FI folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\es-ES folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\es-CL folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\el-GR folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\de-DE folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\da-DK folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\cs-CZ folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\BackItUp_ImageTool folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn\Nero BackItUp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero\Nero BackItUp & Burn folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files\Nero folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup\program files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121\backitup folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\NERO02000121 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\nCommsTempNokia folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\MessengerCache folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Windows Live Toolbar folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YGNGWP3Q folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NQWCFNSD folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\KIBQJFB9 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CTOUJ2TZ folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Temporary Internet Files folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Low\WindowsUpdate folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Low folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\ImageUploader_Temp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\hsperfdata_Peter folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\History\History.IE5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\History folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Cookies folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Adobe\Acrobat\9.0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Adobe\Acrobat folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low\Adobe folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Low folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\itsr2_download folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\hsperfdata_Peter folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\History folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Excel8.0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\E917.dir folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\download_temp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Deployment folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\D39B4B65_3692_4292_833F_2C81D15845EB folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Cookies folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\Adobe folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\abt29892 folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\7zSE29B.tmp\Resources folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\7zSE29B.tmp\EULA folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\7zSE29B.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp\3j21rvb9.tmp folder moved successfully.
C:\Windows.old\Users\Peter\AppData\Local\Temp folder moved successfully.
C:\Windows.old\Users\Peter\Downloads\Nero_BackItUpAndBurn-1.2.17b.exe moved successfully.
File\Folder C:\Windows.old\Users\Peter\Lokale Einstellungen\Temp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 10551113869 bytes
->Temporary Internet Files folder emptied: 258982922 bytes
->FireFox cache emptied: 102191821 bytes
->Google Chrome cache emptied: 16509673 bytes
->Flash cache emptied: 11993 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294786319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 10.704,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08042012_115704

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Gruß,
Peter

cosinus 04.08.2012 17:48

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ph1979 04.08.2012 18:15

Anbei der Report:
Code:

19:09:45.0943 5432        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:09:46.0427 5432        ============================================================
19:09:46.0427 5432        Current date / time: 2012/08/04 19:09:46.0427
19:09:46.0427 5432        SystemInfo:
19:09:46.0427 5432       
19:09:46.0442 5432        OS Version: 6.1.7601 ServicePack: 1.0
19:09:46.0442 5432        Product type: Workstation
19:09:46.0442 5432        ComputerName: PETER-PC
19:09:46.0442 5432        UserName: Peter
19:09:46.0442 5432        Windows directory: C:\Windows
19:09:46.0442 5432        System windows directory: C:\Windows
19:09:46.0442 5432        Running under WOW64
19:09:46.0442 5432        Processor architecture: Intel x64
19:09:46.0442 5432        Number of processors: 8
19:09:46.0442 5432        Page size: 0x1000
19:09:46.0442 5432        Boot type: Normal boot
19:09:46.0442 5432        ============================================================
19:09:47.0269 5432        Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:47.0285 5432        Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:47.0332 5432        ============================================================
19:09:47.0332 5432        \Device\Harddisk0\DR0:
19:09:47.0332 5432        MBR partitions:
19:09:47.0332 5432        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1E00000
19:09:47.0332 5432        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E27800, BlocksNum 0x728E1800
19:09:47.0332 5432        \Device\Harddisk1\DR1:
19:09:47.0347 5432        MBR partitions:
19:09:47.0347 5432        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x29EB2982
19:09:47.0347 5432        ============================================================
19:09:47.0363 5432        C: <-> \Device\Harddisk0\DR0\Partition1
19:09:47.0394 5432        D: <-> \Device\Harddisk0\DR0\Partition0
19:09:47.0394 5432        L: <-> \Device\Harddisk1\DR1\Partition0
19:09:47.0394 5432        ============================================================
19:09:47.0394 5432        Initialize success
19:09:47.0394 5432        ============================================================
19:12:47.0422 1384        ============================================================
19:12:47.0422 1384        Scan started
19:12:47.0422 1384        Mode: Manual; SigCheck; TDLFS;
19:12:47.0422 1384        ============================================================
19:12:48.0841 1384        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:12:48.0935 1384        1394ohci - ok
19:12:48.0997 1384        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:12:49.0013 1384        ACPI - ok
19:12:49.0060 1384        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:12:49.0091 1384        AcpiPmi - ok
19:12:49.0262 1384        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:12:49.0262 1384        AdobeARMservice - ok
19:12:49.0434 1384        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:12:49.0450 1384        AdobeFlashPlayerUpdateSvc - ok
19:12:49.0543 1384        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:12:49.0574 1384        adp94xx - ok
19:12:49.0637 1384        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:12:49.0652 1384        adpahci - ok
19:12:49.0699 1384        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:12:49.0715 1384        adpu320 - ok
19:12:49.0746 1384        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:12:49.0793 1384        AeLookupSvc - ok
19:12:49.0871 1384        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:12:49.0902 1384        AFD - ok
19:12:49.0933 1384        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:12:49.0933 1384        agp440 - ok
19:12:49.0980 1384        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:12:49.0996 1384        ALG - ok
19:12:50.0011 1384        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:12:50.0027 1384        aliide - ok
19:12:50.0105 1384        AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
19:12:50.0120 1384        AMD External Events Utility - ok
19:12:50.0136 1384        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:12:50.0152 1384        amdide - ok
19:12:50.0167 1384        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:12:50.0214 1384        AmdK8 - ok
19:12:50.0838 1384        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
19:12:51.0025 1384        amdkmdag - ok
19:12:51.0212 1384        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
19:12:51.0228 1384        amdkmdap - ok
19:12:51.0275 1384        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:12:51.0290 1384        AmdPPM - ok
19:12:51.0337 1384        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:12:51.0353 1384        amdsata - ok
19:12:51.0415 1384        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:12:51.0431 1384        amdsbs - ok
19:12:51.0446 1384        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:12:51.0462 1384        amdxata - ok
19:12:51.0634 1384        Amsp            (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:12:51.0649 1384        Amsp - ok
19:12:51.0712 1384        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:12:51.0743 1384        AppID - ok
19:12:51.0774 1384        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:12:51.0805 1384        AppIDSvc - ok
19:12:51.0852 1384        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:12:51.0899 1384        Appinfo - ok
19:12:52.0024 1384        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:12:52.0039 1384        Apple Mobile Device - ok
19:12:52.0102 1384        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:12:52.0133 1384        AppMgmt - ok
19:12:52.0180 1384        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:12:52.0195 1384        arc - ok
19:12:52.0226 1384        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:12:52.0242 1384        arcsas - ok
19:12:52.0258 1384        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:12:52.0304 1384        AsyncMac - ok
19:12:52.0351 1384        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:12:52.0367 1384        atapi - ok
19:12:52.0429 1384        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
19:12:52.0429 1384        AtiHDAudioService - ok
19:12:53.0022 1384        atikmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
19:12:53.0100 1384        atikmdag - ok
19:12:53.0303 1384        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:12:53.0350 1384        AudioEndpointBuilder - ok
19:12:53.0350 1384        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:12:53.0381 1384        AudioSrv - ok
19:12:53.0443 1384        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:12:53.0459 1384        AxInstSV - ok
19:12:53.0568 1384        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:12:53.0615 1384        b06bdrv - ok
19:12:53.0708 1384        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:12:53.0724 1384        b57nd60a - ok
19:12:53.0771 1384        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:12:53.0802 1384        BDESVC - ok
19:12:53.0864 1384        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:12:53.0896 1384        Beep - ok
19:12:53.0989 1384        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:12:54.0036 1384        BFE - ok
19:12:54.0114 1384        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:12:54.0161 1384        BITS - ok
19:12:54.0208 1384        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:12:54.0223 1384        blbdrive - ok
19:12:54.0364 1384        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:12:54.0379 1384        Bonjour Service - ok
19:12:54.0426 1384        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:12:54.0457 1384        bowser - ok
19:12:54.0473 1384        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:12:54.0520 1384        BrFiltLo - ok
19:12:54.0520 1384        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:12:54.0551 1384        BrFiltUp - ok
19:12:54.0613 1384        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:12:54.0660 1384        Browser - ok
19:12:54.0707 1384        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:12:54.0769 1384        Brserid - ok
19:12:54.0785 1384        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:12:54.0800 1384        BrSerWdm - ok
19:12:54.0816 1384        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:12:54.0847 1384        BrUsbMdm - ok
19:12:54.0847 1384        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:12:54.0863 1384        BrUsbSer - ok
19:12:54.0894 1384        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:12:54.0910 1384        BTHMODEM - ok
19:12:54.0941 1384        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:12:54.0988 1384        bthserv - ok
19:12:55.0034 1384        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:12:55.0050 1384        cdfs - ok
19:12:55.0128 1384        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:12:55.0144 1384        cdrom - ok
19:12:55.0175 1384        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:12:55.0222 1384        CertPropSvc - ok
19:12:55.0237 1384        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:12:55.0253 1384        circlass - ok
19:12:55.0456 1384        cjpcsc          (8fee4423d682394eb436c975d0a3a994) C:\Windows\SysWOW64\cjpcsc.exe
19:12:55.0471 1384        cjpcsc - ok
19:12:55.0518 1384        cjusb          (06e1f5228399fc49a8d026da38db6784) C:\Windows\system32\DRIVERS\cjusb.sys
19:12:55.0534 1384        cjusb - ok
19:12:55.0596 1384        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:12:55.0612 1384        CLFS - ok
19:12:55.0705 1384        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:12:55.0721 1384        clr_optimization_v2.0.50727_32 - ok
19:12:55.0799 1384        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:12:55.0814 1384        clr_optimization_v2.0.50727_64 - ok
19:12:55.0892 1384        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:12:55.0908 1384        clr_optimization_v4.0.30319_32 - ok
19:12:55.0939 1384        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:12:55.0955 1384        clr_optimization_v4.0.30319_64 - ok
19:12:56.0002 1384        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:12:56.0017 1384        CmBatt - ok
19:12:56.0064 1384        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:12:56.0080 1384        cmdide - ok
19:12:56.0189 1384        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:12:56.0220 1384        CNG - ok
19:12:56.0236 1384        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:12:56.0236 1384        Compbatt - ok
19:12:56.0267 1384        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:12:56.0282 1384        CompositeBus - ok
19:12:56.0298 1384        COMSysApp - ok
19:12:56.0314 1384        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:12:56.0329 1384        crcdisk - ok
19:12:56.0392 1384        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:12:56.0407 1384        CryptSvc - ok
19:12:56.0485 1384        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:12:56.0516 1384        CSC - ok
19:12:56.0594 1384        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:12:56.0626 1384        CscService - ok
19:12:56.0672 1384        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:12:56.0704 1384        DcomLaunch - ok
19:12:56.0766 1384        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:12:56.0813 1384        defragsvc - ok
19:12:56.0906 1384        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:12:56.0938 1384        DfsC - ok
19:12:56.0984 1384        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:12:57.0031 1384        Dhcp - ok
19:12:57.0078 1384        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:12:57.0094 1384        discache - ok
19:12:57.0109 1384        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:12:57.0125 1384        Disk - ok
19:12:57.0172 1384        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:12:57.0203 1384        Dnscache - ok
19:12:57.0250 1384        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:12:57.0281 1384        dot3svc - ok
19:12:57.0328 1384        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:12:57.0374 1384        DPS - ok
19:12:57.0406 1384        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:12:57.0437 1384        drmkaud - ok
19:12:57.0530 1384        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:12:57.0562 1384        DXGKrnl - ok
19:12:57.0624 1384        e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
19:12:57.0655 1384        e1yexpress - ok
19:12:57.0702 1384        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:12:57.0749 1384        EapHost - ok
19:12:57.0983 1384        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:12:58.0076 1384        ebdrv - ok
19:12:58.0217 1384        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:12:58.0232 1384        EFS - ok
19:12:58.0342 1384        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:12:58.0404 1384        ehRecvr - ok
19:12:58.0435 1384        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:12:58.0451 1384        ehSched - ok
19:12:58.0544 1384        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:12:58.0576 1384        elxstor - ok
19:12:58.0591 1384        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:12:58.0607 1384        ErrDev - ok
19:12:58.0669 1384        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:12:58.0716 1384        EventSystem - ok
19:12:58.0763 1384        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:12:58.0810 1384        exfat - ok
19:12:58.0856 1384        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:12:58.0888 1384        fastfat - ok
19:12:58.0981 1384        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:12:59.0012 1384        Fax - ok
19:12:59.0059 1384        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:12:59.0075 1384        fdc - ok
19:12:59.0122 1384        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:12:59.0153 1384        fdPHost - ok
19:12:59.0168 1384        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:12:59.0200 1384        FDResPub - ok
19:12:59.0215 1384        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:12:59.0231 1384        FileInfo - ok
19:12:59.0246 1384        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:12:59.0278 1384        Filetrace - ok
19:12:59.0465 1384        FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:12:59.0496 1384        FLEXnet Licensing Service 64 - ok
19:12:59.0636 1384        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:12:59.0636 1384        flpydisk - ok
19:12:59.0699 1384        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:12:59.0714 1384        FltMgr - ok
19:12:59.0824 1384        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:12:59.0855 1384        FontCache - ok
19:12:59.0980 1384        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:12:59.0995 1384        FontCache3.0.0.0 - ok
19:13:00.0026 1384        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:13:00.0042 1384        FsDepends - ok
19:13:00.0089 1384        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:13:00.0089 1384        Fs_Rec - ok
19:13:00.0198 1384        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:13:00.0214 1384        fvevol - ok
19:13:00.0260 1384        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:13:00.0276 1384        gagp30kx - ok
19:13:00.0338 1384        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:13:00.0354 1384        GEARAspiWDM - ok
19:13:00.0448 1384        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:13:00.0494 1384        gpsvc - ok
19:13:00.0510 1384        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:13:00.0526 1384        hcw85cir - ok
19:13:00.0588 1384        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:13:00.0619 1384        HdAudAddService - ok
19:13:00.0682 1384        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:13:00.0697 1384        HDAudBus - ok
19:13:00.0728 1384        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:00.0744 1384        HidBatt - ok
19:13:00.0775 1384        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:13:00.0791 1384        HidBth - ok
19:13:00.0822 1384        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:13:00.0838 1384        HidIr - ok
19:13:00.0869 1384        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:13:00.0900 1384        hidserv - ok
19:13:00.0947 1384        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:13:00.0947 1384        HidUsb - ok
19:13:01.0009 1384        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:13:01.0056 1384        hkmsvc - ok
19:13:01.0118 1384        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:13:01.0150 1384        HomeGroupListener - ok
19:13:01.0196 1384        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:13:01.0212 1384        HomeGroupProvider - ok
19:13:01.0243 1384        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:13:01.0259 1384        HpSAMD - ok
19:13:01.0337 1384        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:13:01.0384 1384        HTTP - ok
19:13:01.0415 1384        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:13:01.0430 1384        hwpolicy - ok
19:13:01.0446 1384        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:13:01.0446 1384        i8042prt - ok
19:13:01.0508 1384        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:13:01.0524 1384        iaStorV - ok
19:13:01.0696 1384        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:13:01.0727 1384        idsvc - ok
19:13:01.0758 1384        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:13:01.0774 1384        iirsp - ok
19:13:01.0852 1384        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:13:01.0898 1384        IKEEXT - ok
19:13:01.0930 1384        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:13:01.0930 1384        intelide - ok
19:13:01.0945 1384        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:13:01.0961 1384        intelppm - ok
19:13:02.0023 1384        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:13:02.0054 1384        IPBusEnum - ok
19:13:02.0086 1384        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:02.0117 1384        IpFilterDriver - ok
19:13:02.0210 1384        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:13:02.0257 1384        iphlpsvc - ok
19:13:02.0288 1384        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:13:02.0304 1384        IPMIDRV - ok
19:13:02.0320 1384        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:13:02.0351 1384        IPNAT - ok
19:13:02.0554 1384        iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
19:13:02.0585 1384        iPod Service - ok
19:13:02.0600 1384        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:13:02.0616 1384        IRENUM - ok
19:13:02.0647 1384        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:13:02.0663 1384        isapnp - ok
19:13:02.0725 1384        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:13:02.0741 1384        iScsiPrt - ok
19:13:02.0772 1384        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:13:02.0772 1384        kbdclass - ok
19:13:02.0819 1384        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:13:02.0819 1384        kbdhid - ok
19:13:02.0866 1384        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:13:02.0881 1384        KeyIso - ok
19:13:02.0944 1384        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:13:02.0959 1384        KSecDD - ok
19:13:03.0022 1384        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:13:03.0037 1384        KSecPkg - ok
19:13:03.0053 1384        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:13:03.0084 1384        ksthunk - ok
19:13:03.0162 1384        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:13:03.0209 1384        KtmRm - ok
19:13:03.0271 1384        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:13:03.0302 1384        LanmanServer - ok
19:13:03.0349 1384        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:13:03.0380 1384        LanmanWorkstation - ok
19:13:03.0427 1384        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:13:03.0458 1384        lltdio - ok
19:13:03.0505 1384        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:13:03.0536 1384        lltdsvc - ok
19:13:03.0552 1384        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:13:03.0583 1384        lmhosts - ok
19:13:03.0614 1384        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:13:03.0630 1384        LSI_FC - ok
19:13:03.0661 1384        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:13:03.0677 1384        LSI_SAS - ok
19:13:03.0708 1384        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:13:03.0724 1384        LSI_SAS2 - ok
19:13:03.0770 1384        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:13:03.0786 1384        LSI_SCSI - ok
19:13:03.0833 1384        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:13:03.0880 1384        luafv - ok
19:13:03.0942 1384        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:13:03.0958 1384        MBAMProtector - ok
19:13:04.0082 1384        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:13:04.0098 1384        MBAMService - ok
19:13:04.0176 1384        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:13:04.0192 1384        Mcx2Svc - ok
19:13:04.0348 1384        MDM            (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:13:04.0348 1384        MDM ( UnsignedFile.Multi.Generic ) - warning
19:13:04.0348 1384        MDM - detected UnsignedFile.Multi.Generic (1)
19:13:04.0363 1384        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:13:04.0379 1384        megasas - ok
19:13:04.0426 1384        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:13:04.0441 1384        MegaSR - ok
19:13:04.0488 1384        Microsoft SharePoint Workspace Audit Service - ok
19:13:04.0535 1384        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:13:04.0566 1384        MMCSS - ok
19:13:04.0644 1384        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:13:04.0675 1384        Modem - ok
19:13:04.0722 1384        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:13:04.0738 1384        monitor - ok
19:13:04.0784 1384        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:13:04.0800 1384        mouclass - ok
19:13:04.0831 1384        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:13:04.0847 1384        mouhid - ok
19:13:04.0878 1384        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:13:04.0878 1384        mountmgr - ok
19:13:04.0972 1384        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:13:04.0987 1384        MozillaMaintenance - ok
19:13:05.0050 1384        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:13:05.0065 1384        mpio - ok
19:13:05.0096 1384        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:13:05.0128 1384        mpsdrv - ok
19:13:05.0190 1384        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:13:05.0252 1384        MpsSvc - ok
19:13:05.0299 1384        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:13:05.0315 1384        MRxDAV - ok
19:13:05.0377 1384        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:05.0408 1384        mrxsmb - ok
19:13:05.0455 1384        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:05.0471 1384        mrxsmb10 - ok
19:13:05.0502 1384        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:05.0518 1384        mrxsmb20 - ok
19:13:05.0549 1384        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:13:05.0564 1384        msahci - ok
19:13:05.0611 1384        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:13:05.0627 1384        msdsm - ok
19:13:05.0658 1384        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:13:05.0689 1384        MSDTC - ok
19:13:05.0720 1384        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:13:05.0767 1384        Msfs - ok
19:13:05.0783 1384        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:13:05.0830 1384        mshidkmdf - ok
19:13:05.0845 1384        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:13:05.0845 1384        msisadrv - ok
19:13:05.0908 1384        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:13:05.0954 1384        MSiSCSI - ok
19:13:05.0970 1384        msiserver - ok
19:13:06.0001 1384        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:13:06.0032 1384        MSKSSRV - ok
19:13:06.0095 1384        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:06.0126 1384        MSPCLOCK - ok
19:13:06.0157 1384        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:13:06.0173 1384        MSPQM - ok
19:13:06.0251 1384        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:13:06.0282 1384        MsRPC - ok
19:13:06.0313 1384        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:13:06.0313 1384        mssmbios - ok
19:13:06.0329 1384        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:13:06.0344 1384        MSTEE - ok
19:13:06.0360 1384        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:13:06.0376 1384        MTConfig - ok
19:13:06.0407 1384        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:13:06.0407 1384        Mup - ok
19:13:06.0485 1384        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:13:06.0516 1384        napagent - ok
19:13:06.0563 1384        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:13:06.0578 1384        NativeWifiP - ok
19:13:06.0688 1384        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:13:06.0703 1384        NDIS - ok
19:13:06.0719 1384        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:13:06.0750 1384        NdisCap - ok
19:13:06.0766 1384        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:06.0781 1384        NdisTapi - ok
19:13:06.0812 1384        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:06.0844 1384        Ndisuio - ok
19:13:06.0906 1384        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:06.0937 1384        NdisWan - ok
19:13:06.0968 1384        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:13:07.0000 1384        NDProxy - ok
19:13:07.0015 1384        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:13:07.0031 1384        NetBIOS - ok
19:13:07.0078 1384        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:13:07.0109 1384        NetBT - ok
19:13:07.0140 1384        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:13:07.0140 1384        Netlogon - ok
19:13:07.0234 1384        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:13:07.0265 1384        Netman - ok
19:13:07.0327 1384        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:13:07.0374 1384        netprofm - ok
19:13:07.0514 1384        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:07.0514 1384        NetTcpPortSharing - ok
19:13:07.0546 1384        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:13:07.0561 1384        nfrd960 - ok
19:13:07.0639 1384        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:13:07.0686 1384        NlaSvc - ok
19:13:07.0686 1384        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:13:07.0717 1384        Npfs - ok
19:13:07.0764 1384        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:13:07.0780 1384        nsi - ok
19:13:07.0795 1384        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:13:07.0811 1384        nsiproxy - ok
19:13:07.0967 1384        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:13:07.0998 1384        Ntfs - ok
19:13:08.0123 1384        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:13:08.0170 1384        Null - ok
19:13:08.0232 1384        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:13:08.0248 1384        nvraid - ok
19:13:08.0310 1384        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:13:08.0326 1384        nvstor - ok
19:13:08.0372 1384        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:13:08.0388 1384        nv_agp - ok
19:13:08.0419 1384        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:13:08.0435 1384        ohci1394 - ok
19:13:08.0575 1384        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:13:08.0575 1384        ose - ok
19:13:09.0012 1384        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:13:09.0074 1384        osppsvc - ok
19:13:09.0246 1384        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:13:09.0277 1384        p2pimsvc - ok
19:13:09.0324 1384        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:13:09.0340 1384        p2psvc - ok
19:13:09.0418 1384        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:13:09.0433 1384        Parport - ok
19:13:09.0496 1384        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:13:09.0511 1384        partmgr - ok
19:13:09.0542 1384        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:13:09.0558 1384        PcaSvc - ok
19:13:09.0620 1384        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:13:09.0636 1384        pci - ok
19:13:09.0652 1384        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:13:09.0667 1384        pciide - ok
19:13:09.0714 1384        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:13:09.0730 1384        pcmcia - ok
19:13:09.0745 1384        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:13:09.0761 1384        pcw - ok
19:13:09.0839 1384        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:13:09.0870 1384        PEAUTH - ok
19:13:10.0010 1384        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:13:10.0057 1384        PeerDistSvc - ok
19:13:10.0166 1384        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:13:10.0182 1384        PerfHost - ok
19:13:10.0400 1384        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:13:10.0447 1384        pla - ok
19:13:10.0541 1384        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:13:10.0556 1384        PlugPlay - ok
19:13:10.0603 1384        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:13:10.0619 1384        PNRPAutoReg - ok
19:13:10.0666 1384        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:13:10.0681 1384        PNRPsvc - ok
19:13:10.0759 1384        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:13:10.0806 1384        PolicyAgent - ok
19:13:10.0853 1384        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:13:10.0900 1384        Power - ok
19:13:10.0978 1384        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:11.0009 1384        PptpMiniport - ok
19:13:11.0056 1384        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:13:11.0071 1384        Processor - ok
19:13:11.0134 1384        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:13:11.0165 1384        ProfSvc - ok
19:13:11.0196 1384        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:13:11.0196 1384        ProtectedStorage - ok
19:13:11.0243 1384        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:13:11.0274 1384        Psched - ok
19:13:11.0305 1384        PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
19:13:11.0321 1384        PxHlpa64 - ok
19:13:11.0461 1384        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:13:11.0492 1384        ql2300 - ok
19:13:11.0680 1384        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:13:11.0695 1384        ql40xx - ok
19:13:11.0773 1384        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:13:11.0789 1384        QWAVE - ok
19:13:11.0804 1384        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:13:11.0836 1384        QWAVEdrv - ok
19:13:11.0851 1384        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:11.0882 1384        RasAcd - ok
19:13:11.0929 1384        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:13:11.0945 1384        RasAgileVpn - ok
19:13:11.0992 1384        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:13:12.0007 1384        RasAuto - ok
19:13:12.0070 1384        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:12.0101 1384        Rasl2tp - ok
19:13:12.0179 1384        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:13:12.0210 1384        RasMan - ok
19:13:12.0241 1384        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:12.0272 1384        RasPppoe - ok
19:13:12.0288 1384        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:12.0319 1384        RasSstp - ok
19:13:12.0366 1384        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:12.0397 1384        rdbss - ok
19:13:12.0413 1384        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:13:12.0428 1384        rdpbus - ok
19:13:12.0444 1384        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:12.0491 1384        RDPCDD - ok
19:13:12.0553 1384        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:13:12.0569 1384        RDPDR - ok
19:13:12.0584 1384        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:13:12.0631 1384        RDPENCDD - ok
19:13:12.0662 1384        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:13:12.0678 1384        RDPREFMP - ok
19:13:12.0740 1384        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:13:12.0772 1384        RDPWD - ok
19:13:12.0834 1384        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:13:12.0850 1384        rdyboost - ok
19:13:12.0912 1384        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:13:12.0959 1384        RemoteAccess - ok
19:13:13.0006 1384        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:13:13.0052 1384        RemoteRegistry - ok
19:13:13.0208 1384        RoxLiveShare10  (e0bef062c8950b698e3d79df432ad250) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
19:13:13.0224 1384        RoxLiveShare10 - ok
19:13:13.0318 1384        RoxMediaDB10    (8475cef8c9c7de0918c61235ed06606a) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
19:13:13.0349 1384        RoxMediaDB10 - ok
19:13:13.0396 1384        RoxWatch10      (5ab029b4cf15e5fd7bba73694856c477) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
19:13:13.0411 1384        RoxWatch10 - ok
19:13:13.0598 1384        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:13:13.0645 1384        RpcEptMapper - ok
19:13:13.0676 1384        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:13:13.0692 1384        RpcLocator - ok
19:13:13.0770 1384        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:13:13.0817 1384        RpcSs - ok
19:13:13.0864 1384        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:13.0910 1384        rspndr - ok
19:13:13.0942 1384        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:13:13.0973 1384        s3cap - ok
19:13:14.0004 1384        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:13:14.0020 1384        SamSs - ok
19:13:14.0051 1384        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:13:14.0066 1384        sbp2port - ok
19:13:14.0113 1384        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:13:14.0160 1384        SCardSvr - ok
19:13:14.0207 1384        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:13:14.0254 1384        scfilter - ok
19:13:14.0347 1384        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:13:14.0394 1384        Schedule - ok
19:13:14.0456 1384        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:13:14.0488 1384        SCPolicySvc - ok
19:13:14.0534 1384        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:13:14.0534 1384        SDRSVC - ok
19:13:14.0612 1384        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:13:14.0659 1384        secdrv - ok
19:13:14.0690 1384        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:13:14.0722 1384        seclogon - ok
19:13:14.0768 1384        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:13:14.0800 1384        SENS - ok
19:13:14.0815 1384        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:13:14.0831 1384        SensrSvc - ok
19:13:14.0862 1384        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:13:14.0862 1384        Serenum - ok
19:13:14.0909 1384        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:13:14.0924 1384        Serial - ok
19:13:14.0971 1384        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:13:14.0987 1384        sermouse - ok
19:13:15.0018 1384        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:13:15.0049 1384        SessionEnv - ok
19:13:15.0080 1384        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:13:15.0112 1384        sffdisk - ok
19:13:15.0143 1384        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:13:15.0158 1384        sffp_mmc - ok
19:13:15.0174 1384        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:13:15.0205 1384        sffp_sd - ok
19:13:15.0236 1384        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:13:15.0252 1384        sfloppy - ok
19:13:15.0330 1384        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:13:15.0377 1384        SharedAccess - ok
19:13:15.0439 1384        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:13:15.0486 1384        ShellHWDetection - ok
19:13:15.0502 1384        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:13:15.0517 1384        SiSRaid2 - ok
19:13:15.0533 1384        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:13:15.0548 1384        SiSRaid4 - ok
19:13:15.0564 1384        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:13:15.0595 1384        Smb - ok
19:13:15.0626 1384        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:13:15.0642 1384        SNMPTRAP - ok
19:13:15.0642 1384        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:13:15.0658 1384        spldr - ok
19:13:15.0720 1384        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:13:15.0767 1384        Spooler - ok
19:13:16.0016 1384        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:13:16.0079 1384        sppsvc - ok
19:13:16.0204 1384        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:13:16.0235 1384        sppuinotify - ok
19:13:16.0313 1384        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:13:16.0344 1384        srv - ok
19:13:16.0422 1384        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:13:16.0438 1384        srv2 - ok
19:13:16.0469 1384        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:16.0469 1384        srvnet - ok
19:13:16.0547 1384        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:13:16.0578 1384        SSDPSRV - ok
19:13:16.0609 1384        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:13:16.0640 1384        SstpSvc - ok
19:13:16.0734 1384        Steam Client Service - ok
19:13:16.0765 1384        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:13:16.0781 1384        stexstor - ok
19:13:16.0890 1384        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:13:16.0921 1384        stisvc - ok
19:13:16.0984 1384        stllssvr        (5889618eebd7d2ff13c30d73fcff8cd0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:13:16.0984 1384        stllssvr - ok
19:13:17.0015 1384        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:13:17.0030 1384        storflt - ok
19:13:17.0077 1384        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:13:17.0093 1384        StorSvc - ok
19:13:17.0124 1384        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:13:17.0140 1384        storvsc - ok
19:13:17.0171 1384        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:13:17.0186 1384        swenum - ok
19:13:17.0264 1384        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:13:17.0311 1384        swprv - ok
19:13:17.0436 1384        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:13:17.0467 1384        SysMain - ok
19:13:17.0639 1384        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:13:17.0670 1384        TabletInputService - ok
19:13:17.0717 1384        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:13:17.0764 1384        TapiSrv - ok
19:13:17.0779 1384        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:13:17.0810 1384        TBS - ok
19:13:17.0998 1384        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:13:18.0044 1384        Tcpip - ok
19:13:18.0263 1384        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:18.0294 1384        TCPIP6 - ok
19:13:18.0403 1384        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:13:18.0434 1384        tcpipreg - ok
19:13:18.0481 1384        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:13:18.0512 1384        TDPIPE - ok
19:13:18.0559 1384        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:13:18.0575 1384        TDTCP - ok
19:13:18.0622 1384        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:13:18.0668 1384        tdx - ok
19:13:18.0700 1384        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:13:18.0715 1384        TermDD - ok
19:13:18.0809 1384        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:13:18.0856 1384        TermService - ok
19:13:18.0871 1384        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:13:18.0887 1384        Themes - ok
19:13:18.0918 1384        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:13:18.0965 1384        THREADORDER - ok
19:13:19.0058 1384        tmactmon        (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
19:13:19.0058 1384        tmactmon - ok
19:13:19.0136 1384        tmcomm          (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
19:13:19.0152 1384        tmcomm - ok
19:13:19.0183 1384        tmevtmgr        (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:13:19.0183 1384        tmevtmgr - ok
19:13:19.0214 1384        tmtdi          (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
19:13:19.0230 1384        tmtdi - ok
19:13:19.0246 1384        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:13:19.0292 1384        TrkWks - ok
19:13:19.0370 1384        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:13:19.0417 1384        TrustedInstaller - ok
19:13:19.0464 1384        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:19.0495 1384        tssecsrv - ok
19:13:19.0542 1384        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:13:19.0573 1384        TsUsbFlt - ok
19:13:19.0636 1384        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:19.0667 1384        tunnel - ok
19:13:19.0714 1384        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:13:19.0729 1384        uagp35 - ok
19:13:19.0776 1384        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:13:19.0823 1384        udfs - ok
19:13:19.0870 1384        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:13:19.0885 1384        UI0Detect - ok
19:13:19.0932 1384        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:13:19.0948 1384        uliagpkx - ok
19:13:19.0979 1384        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:13:19.0994 1384        umbus - ok
19:13:20.0010 1384        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:13:20.0010 1384        UmPass - ok
19:13:20.0057 1384        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:13:20.0088 1384        UmRdpService - ok
19:13:20.0135 1384        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:13:20.0182 1384        upnphost - ok
19:13:20.0228 1384        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:13:20.0244 1384        USBAAPL64 - ok
19:13:20.0275 1384        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:20.0291 1384        usbccgp - ok
19:13:20.0353 1384        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:13:20.0369 1384        usbcir - ok
19:13:20.0400 1384        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:20.0400 1384        usbehci - ok
19:13:20.0462 1384        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:20.0478 1384        usbhub - ok
19:13:20.0494 1384        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:13:20.0509 1384        usbohci - ok
19:13:20.0525 1384        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:13:20.0525 1384        usbprint - ok
19:13:20.0556 1384        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:20.0572 1384        USBSTOR - ok
19:13:20.0587 1384        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:20.0603 1384        usbuhci - ok
19:13:20.0618 1384        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:13:20.0650 1384        UxSms - ok
19:13:20.0665 1384        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:13:20.0681 1384        VaultSvc - ok
19:13:20.0728 1384        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:13:20.0743 1384        vdrvroot - ok
19:13:20.0821 1384        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:13:20.0868 1384        vds - ok
19:13:20.0915 1384        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:20.0930 1384        vga - ok
19:13:20.0946 1384        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:13:20.0977 1384        VgaSave - ok
19:13:21.0024 1384        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:13:21.0040 1384        vhdmp - ok
19:13:21.0055 1384        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:13:21.0071 1384        viaide - ok
19:13:21.0133 1384        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:13:21.0149 1384        vmbus - ok
19:13:21.0164 1384        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:13:21.0196 1384        VMBusHID - ok
19:13:21.0242 1384        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:13:21.0258 1384        volmgr - ok
19:13:21.0320 1384        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:13:21.0336 1384        volmgrx - ok
19:13:21.0383 1384        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:13:21.0398 1384        volsnap - ok
19:13:21.0445 1384        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:13:21.0461 1384        vsmraid - ok
19:13:21.0617 1384        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:13:21.0664 1384        VSS - ok
19:13:21.0788 1384        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:13:21.0835 1384        vwifibus - ok
19:13:21.0929 1384        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:13:21.0976 1384        W32Time - ok
19:13:21.0976 1384        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:13:21.0991 1384        WacomPen - ok
19:13:22.0054 1384        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:22.0085 1384        WANARP - ok
19:13:22.0100 1384        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:22.0116 1384        Wanarpv6 - ok
19:13:22.0288 1384        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:13:22.0319 1384        WatAdminSvc - ok
19:13:22.0428 1384        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:13:22.0475 1384        wbengine - ok
19:13:22.0584 1384        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:13:22.0615 1384        WbioSrvc - ok
19:13:22.0662 1384        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:13:22.0693 1384        wcncsvc - ok
19:13:22.0709 1384        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:13:22.0724 1384        WcsPlugInService - ok
19:13:22.0818 1384        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:13:22.0834 1384        Wd - ok
19:13:22.0912 1384        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:13:22.0927 1384        Wdf01000 - ok
19:13:22.0958 1384        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:13:23.0021 1384        WdiServiceHost - ok
19:13:23.0036 1384        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:13:23.0036 1384        WdiSystemHost - ok
19:13:23.0099 1384        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:13:23.0114 1384        WebClient - ok
19:13:23.0161 1384        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:13:23.0192 1384        Wecsvc - ok
19:13:23.0224 1384        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:13:23.0255 1384        wercplsupport - ok
19:13:23.0286 1384        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:13:23.0317 1384        WerSvc - ok
19:13:23.0395 1384        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:13:23.0426 1384        WfpLwf - ok
19:13:23.0442 1384        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:13:23.0442 1384        WIMMount - ok
19:13:23.0489 1384        WinDefend - ok
19:13:23.0489 1384        WinHttpAutoProxySvc - ok
19:13:23.0582 1384        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:13:23.0629 1384        Winmgmt - ok
19:13:23.0816 1384        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:13:23.0848 1384        WinRM - ok
19:13:24.0019 1384        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:13:24.0035 1384        WinUsb - ok
19:13:24.0128 1384        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:13:24.0160 1384        Wlansvc - ok
19:13:24.0206 1384        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:13:24.0222 1384        WmiAcpi - ok
19:13:24.0284 1384        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:13:24.0300 1384        wmiApSrv - ok
19:13:24.0362 1384        WMPNetworkSvc - ok
19:13:24.0394 1384        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:13:24.0409 1384        WPCSvc - ok
19:13:24.0456 1384        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:13:24.0487 1384        WPDBusEnum - ok
19:13:24.0503 1384        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:24.0550 1384        ws2ifsl - ok
19:13:24.0581 1384        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:13:24.0612 1384        wscsvc - ok
19:13:24.0612 1384        WSearch - ok
19:13:24.0815 1384        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:13:24.0846 1384        wuauserv - ok
19:13:25.0018 1384        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:13:25.0064 1384        WudfPf - ok
19:13:25.0096 1384        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:25.0127 1384        WUDFRd - ok
19:13:25.0174 1384        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:13:25.0220 1384        wudfsvc - ok
19:13:25.0267 1384        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:13:25.0283 1384        WwanSvc - ok
19:13:25.0345 1384        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (177590b0d2f8be513626bb8c8d6e6a08) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
19:13:25.0361 1384        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
19:13:25.0392 1384        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:13:25.0813 1384        \Device\Harddisk0\DR0 - ok
19:13:25.0844 1384        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:13:25.0907 1384        \Device\Harddisk1\DR1 - ok
19:13:25.0938 1384        Boot (0x1200)  (78b56b1f43eb2b2a82c80c6b05d2065a) \Device\Harddisk0\DR0\Partition0
19:13:25.0938 1384        \Device\Harddisk0\DR0\Partition0 - ok
19:13:25.0938 1384        Boot (0x1200)  (52d23be3777fc715608ba07e0dd664bc) \Device\Harddisk0\DR0\Partition1
19:13:25.0938 1384        \Device\Harddisk0\DR0\Partition1 - ok
19:13:25.0954 1384        Boot (0x1200)  (fd08f8bef095f7ab4a09ab114135cda7) \Device\Harddisk1\DR1\Partition0
19:13:25.0954 1384        \Device\Harddisk1\DR1\Partition0 - ok
19:13:25.0954 1384        ============================================================
19:13:25.0954 1384        Scan finished
19:13:25.0954 1384        ============================================================
19:13:25.0954 1284        Detected object count: 1
19:13:25.0954 1284        Actual detected object count: 1
19:13:48.0808 1284        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:13:48.0808 1284        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 04.08.2012 19:12

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ph1979 04.08.2012 22:07

Anbei der Inhalt der Logdatei von CF:

Combofix Logfile:
Code:

ComboFix 12-08-04.02 - Peter 04.08.2012  22:36:15.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.43.1031.18.8183.6796 [GMT 2:00]
ausgeführt von:: c:\users\Peter\Desktop\ComboFix.exe
AV: Trend Micro Titanium 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Peter\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-04 bis 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-08-04 09:57 . 2012-08-04 09:57        --------        d-----w-        C:\_OTL
2012-08-01 16:44 . 2012-08-01 16:44        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-08-01 16:44 . 2012-08-01 16:44        68576        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-08-01 16:44 . 2012-08-01 16:44        573920        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-01 16:44 . 2012-08-01 16:44        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-01 16:44 . 2012-08-01 16:44        157608        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-01 16:44 . 2012-08-01 16:44        113120        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-01 16:44 . 2012-08-01 16:44        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-01 07:18 . 2012-08-01 07:18        --------        d-----w-        c:\users\Peter\AppData\Local\ElevatedDiagnostics
2012-07-30 19:25 . 2012-07-30 19:25        --------        d-----w-        c:\program files (x86)\ESET
2012-07-26 10:33 . 2012-07-26 10:33        --------        d-----w-        c:\users\Peter\AppData\Roaming\Malwarebytes
2012-07-26 10:33 . 2012-07-26 10:33        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 10:33 . 2012-07-26 10:33        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-26 10:33 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-11 11:09 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 07:22 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 11:07 . 2012-03-30 14:24        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 11:07 . 2011-05-16 12:55        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:07 . 2010-09-12 20:08        59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-06-17 11:38 . 2012-06-17 11:38        56        ----a-w-        c:\windows\system32\SupportTool.exe.bat
2012-06-17 11:21 . 2012-06-17 11:39        105744        ----a-w-        c:\windows\system32\drivers\tmtdi.sys
2012-06-17 11:21 . 2012-06-17 11:39        91920        ----a-w-        c:\windows\system32\drivers\tmactmon.sys
2012-06-17 11:21 . 2012-06-17 11:39        70928        ----a-w-        c:\windows\system32\drivers\tmevtmgr.sys
2012-06-17 11:21 . 2012-06-17 11:39        167696        ----a-w-        c:\windows\system32\drivers\tmcomm.sys
2012-06-02 22:19 . 2012-06-27 07:06        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:07        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 07:07        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:07        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:06        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 07:07        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 07:06        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-27 07:06        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-27 07:06        36864        ----a-w-        c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"acSecurityLayer"="c:\program files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2012-04-13 3605664]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe [2010-7-6 1008800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-01 1436424]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1255736]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-06-17 70928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2008-06-26 32240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2011-07-22 511920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 34672]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:07]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001Core.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 13:28]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001UA.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 13:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.schule.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: transhimalaya-tours.at\www.beta
TCP: Interfaces\{D11C6D3E-EB69-429D-8C0D-AFBF8D24C226}: NameServer = 195.3.96.67,213.33.98.136
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\rzbgw212.default\
FF - prefs.js: browser.startup.homepage - hxxps://portal.tirol.gv.at/login.show?cid=1&cmd=start
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-04  22:49:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-04 20:49
.
Vor Suchlauf: 15 Verzeichnis(se), 676.490.919.936 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 675.937.574.912 Bytes frei
.
- - End Of File - - 59772CB6D923C3F0DED25656FE12D01F

--- --- ---

Gruß,
Peter

cosinus 05.08.2012 14:17

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

ph1979 07.08.2012 10:42

Anbei die Logs:

GMER:
--> keine Logdatei, Meldung: "GMER has not found any modifications."

OSAM:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:06:20 on 07.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001Core.job" - "Google Inc." - C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-424294854-814867122-1165020317-1001UA.job" - "Google Inc." - C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmtdi.sys
"{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}" ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) - "Cyberlink Corp." - C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "{8A0BC933-7552-42E2-A228-3BE055777227}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} "WMI Class" - ? - C:\Windows\SysWOW64\Dell\SYSTEM~1\SysPro.exe / https://support.dell.com/systemprofiler/SysProExe.CAB
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} "TmBpIeBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"a.sign Client.lnk" - "A-Trust GmbH" - C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"acSecurityLayer" - "A-Trust GmbH" - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
"com.apple.dav.bookmarks.daemon" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
"iCloudServices" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
"MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\Windows\SysWOW64\cjpcsc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service 64" (FLEXnet Licensing Service 64) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Roxio Hard Drive Watcher 10" (RoxWatch10) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
"RoxMediaDB10" (RoxMediaDB10) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


aswMBR.txt (AV Scan: none)
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 11:35:25
-----------------------------
11:35:25.921    OS Version: Windows x64 6.1.7601 Service Pack 1
11:35:25.921    Number of processors: 8 586 0x1A04
11:35:25.921    ComputerName: PETER-PC  UserName: Peter
11:35:28.354    Initialize success
11:35:32.176    AVAST engine defs: 12080700
11:35:49.336    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-3
11:35:49.352    Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
11:35:49.352    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:35:49.352    Disk 1 Vendor: ST336032 3.AF Size: 343399MB BusType: 8
11:35:49.383    Disk 0 MBR read successfully
11:35:49.383    Disk 0 MBR scan
11:35:49.383    Disk 0 Windows 7 default MBR code
11:35:49.399    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      78 MB offset 63
11:35:49.414    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        15360 MB offset 161792
11:35:49.430    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      938435 MB offset 31619072
11:35:49.461    Disk 0 scanning C:\Windows\system32\drivers
11:36:01.067    Service scanning
11:36:23.313    Modules scanning
11:36:23.313    Disk 0 trace - called modules:
11:36:23.360    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
11:36:23.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db1790]
11:36:23.375    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-3[0xfffffa8007b6a050]
11:36:23.391    Scan finished successfully
11:38:58.113    Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
11:38:58.129    The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"

Gruß,
Peter

cosinus 08.08.2012 13:30

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

ph1979 10.08.2012 01:21

Log von Malwarebytes:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

Schutz: Deaktiviert

09.08.2012 00:58:22
mbam-log-2012-08-09 (00-58-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1350219
Laufzeit: 7 Stunde(n), 13 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log von SuperAntiSpyware:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/09/2012 at 06:16 PM

Application Version : 5.5.1012

Core Rules Database Version : 9033
Trace Rules Database Version: 6845

Scan type      : Complete Scan
Total Scan Time : 09:16:32

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 934
Memory threats detected  : 0
Registry items scanned    : 68724
Registry threats detected : 0
File items scanned        : 917070
File threats detected    : 595

Adware.Tracking Cookie
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\28R0115W.txt [ /liveperson.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\ILAY45S4.txt [ /liveperson.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\CP891DIX.txt [ /invitemedia.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\HWYG9VIM.txt [ /a.revenuemax.de ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\5IOI73L9.txt [ /adtech.de ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\L4KXQ79L.txt [ /statse.webtrendslive.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\0RE5KFU6.txt [ /track.adform.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\20IQEN0T.txt [ /adfarm1.adition.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\9WCOH8T6.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\85GRQ9F1.txt [ /media6degrees.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\PHJTZORJ.txt [ /kontera.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\MR1PPGFN.txt [ /serving-sys.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\RD26MZ8I.txt [ /ad.12mnkys.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\93I9XZRH.txt [ /www.googleadservices.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\3ZG9PNCI.txt [ /amazon-adsystem.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Z5NLAM39.txt [ /atdmt.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\VX97VFDI.txt [ /adform.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\D7SOKKA0.txt [ /server.iad.liveperson.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\5TA7PIEI.txt [ /im.banner.t-online.de ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\POUA0PHD.txt [ /www.googleadservices.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\TBHY1HGZ.txt [ /at.atwola.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\3TLJ0NEL.txt [ /photobox.112.2o7.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\CKOBUP0T.txt [ /apmebf.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\I26H6LTJ.txt [ /ad.yieldmanager.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\XM5PWCY4.txt [ /ad.ad-srv.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\LF8J6CLQ.txt [ /eas.apm.emediate.eu ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\WYHA45R2.txt [ /stats.paypal.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\EMFOU51C.txt [ /ad3.adfarm1.adition.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\LJRX6P0A.txt [ /ads.ookla.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\QQ5ZGE54.txt [ /mediaplex.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\CJAS9XP6.txt [ /adbrite.com ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\WMR22KQ2.txt [ /doubleclick.net ]
        C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\SFWB7JHI.txt [ /www.etracker.de ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\PXW34T7R.txt [ Cookie:peter@liveperson.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z796GC6V.txt [ Cookie:peter@hightraffic.hugoboss.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWDV0687.txt [ Cookie:peter@ad2.adfarm1.adition.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9OIXQA8.txt [ Cookie:peter@smartadserver.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\L27LTUOI.txt [ Cookie:peter@specificclick.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2IHYDTLK.txt [ Cookie:peter@invitemedia.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WLKQGPHK.txt [ Cookie:peter@statse.webtrendslive.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\I43GV1VS.txt [ Cookie:peter@liveperson.net/hc/82753263 ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WCC2A6HZ.txt [ Cookie:peter@adfarm1.adition.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\1T4QBZXJ.txt [ Cookie:peter@ad.zanox.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\F93ZQ6S7.txt [ Cookie:peter@lucidmedia.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\T941D1CR.txt [ Cookie:peter@ad1.adfarm1.adition.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\G4P1DTX0.txt [ Cookie:peter@ads2.vincentz.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\SR1Z4CTB.txt [ Cookie:peter@zanox.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\9BB3HP8Q.txt [ Cookie:peter@serving-sys.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ICFK9ET3.txt [ Cookie:peter@ar.atwola.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\77R2DN7D.txt [ Cookie:peter@de.sitestat.com/sport1/softclick/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\M52MVAMM.txt [ Cookie:peter@atdmt.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\9DBM85HD.txt [ Cookie:peter@ad.adnet.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWCOUW76.txt [ Cookie:peter@ad.adserver01.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJOCSK1G.txt [ Cookie:peter@exoclick.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\D9CQDUU3.txt [ Cookie:peter@server.adformdsp.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0H11AR0U.txt [ Cookie:peter@clickfuse.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2B10B6QW.txt [ Cookie:peter@tradedoubler.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\YA7D2X9P.txt [ Cookie:peter@zanox-affiliate.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\SK5DS4NK.txt [ Cookie:peter@ads2.zeusclicks.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2XHIK8MR.txt [ Cookie:peter@im.banner.t-online.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\B2EX5DRM.txt [ Cookie:peter@www.zanox-affiliate.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\14Z611EZ.txt [ Cookie:peter@traffictrack.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O9AP1HU.txt [ Cookie:peter@at.atwola.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2ZQR39V.txt [ Cookie:peter@conrad.122.2o7.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\LE83CJ7W.txt [ Cookie:peter@ad4.adfarm1.adition.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4J8F25B.txt [ Cookie:peter@apmebf.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\P1G0YES3.txt [ Cookie:peter@server.lon.liveperson.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QC23EQEM.txt [ Cookie:peter@tracking.quisma.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KKGHCEZI.txt [ Cookie:peter@ads20.wwe-media.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ABVMT13.txt [ Cookie:peter@partners.webmasterplan.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\OUUE3D9M.txt [ Cookie:peter@mediaplex.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNM4WRT5.txt [ Cookie:peter@adbrite.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MEDWXO0.txt [ Cookie:peter@doubleclick.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KU088OKD.txt [ Cookie:peter@www.etracker.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\13UEMHCH.txt [ Cookie:peter@fastclick.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZS8NW68K.txt [ Cookie:peter@adviva.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\BQUVWNMF.txt [ Cookie:peter@c.atdmt.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\NX99ZKIQ.txt [ Cookie:peter@bs.serving-sys.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\6YHPH3IY.txt [ Cookie:peter@a.revenuemax.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\U6E95LVG.txt [ Cookie:peter@adtech.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IK8XBG2.txt [ Cookie:peter@skydeutschland.122.2o7.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQ6DZIW4.txt [ Cookie:peter@track.adform.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y39OM546.txt [ Cookie:peter@c1.atdmt.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\BPHMNPZ4.txt [ Cookie:peter@www.googleadservices.com/pagead/conversion/1058626934/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\A82STY5S.txt [ Cookie:peter@adform.net/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QLKNYO6L.txt [ Cookie:peter@weborama.fr/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QZ0O3QIC.txt [ Cookie:peter@www.google.com/accounts ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\D56Q2BLX.txt [ Cookie:peter@www.googleadservices.com/pagead/conversion/1006616793/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BKWL28J.txt [ Cookie:peter@fr.sitestat.com/eurosport/yahoode/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPE3TZ8Y.txt [ Cookie:peter@www.google.at/accounts ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\AXTW8J06.txt [ Cookie:peter@de.sitestat.com/sport1/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\CE6HT3DT.txt [ Cookie:peter@docfinder.at/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KR6RV4G1.txt [ Cookie:peter@www.mediamarkt.at/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\8D72KNKS.txt [ Cookie:peter@eas.apm.emediate.eu/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JSX5OO2.txt [ Cookie:peter@accounts.google.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\26526ND8.txt [ Cookie:peter@ad.dyntracker.de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UP7MJJDA.txt [ Cookie:peter@www.docfinder.at/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\3NBTBXZK.txt [ Cookie:peter@livestat.derstandard.at/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1INY1ED.txt [ Cookie:peter@de.sitestat.com/sport1/mediathek/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWHI9J8K.txt [ Cookie:peter@adserver.cusoon.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\6L69XR0F.txt [ Cookie:peter@www.googleadservices.com/pagead/conversion/1045321740/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\J70XGUP4.txt [ Cookie:peter@fr.sitestat.com/eurosport/eurosportde/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\YMYX53KL.txt [ Cookie:peter@de.sitestat.com/sport1/sport1-de/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHKE3PHT.txt [ Cookie:peter@dmtracker.com/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZX71LTX7.txt [ Cookie:peter@secure-niketown.nike.com/niketown/account/ ]
        C:\USERS\PETER\AppData\Roaming\Microsoft\Windows\Cookies\Low\3A7RTQ42.txt [ Cookie:peter@tomtailor.dyntracker.com/ ]
        C:\USERS\PETER\Cookies\28R0115W.txt [ Cookie:peter@liveperson.net/ ]
        C:\USERS\PETER\Cookies\CP891DIX.txt [ Cookie:peter@invitemedia.com/ ]
        C:\USERS\PETER\Cookies\HWYG9VIM.txt [ Cookie:peter@a.revenuemax.de/ ]
        C:\USERS\PETER\Cookies\5IOI73L9.txt [ Cookie:peter@adtech.de/ ]
        C:\USERS\PETER\Cookies\L4KXQ79L.txt [ Cookie:peter@statse.webtrendslive.com/ ]
        C:\USERS\PETER\Cookies\0RE5KFU6.txt [ Cookie:peter@track.adform.net/ ]
        C:\USERS\PETER\Cookies\20IQEN0T.txt [ Cookie:peter@adfarm1.adition.com/ ]
        C:\USERS\PETER\Cookies\9WCOH8T6.txt [ Cookie:peter@ad1.adfarm1.adition.com/ ]
        C:\USERS\PETER\Cookies\PHJTZORJ.txt [ Cookie:peter@kontera.com/ ]
        C:\USERS\PETER\Cookies\MR1PPGFN.txt [ Cookie:peter@serving-sys.com/ ]
        C:\USERS\PETER\Cookies\93I9XZRH.txt [ Cookie:peter@www.googleadservices.com/pagead/conversion/970872302/ ]
        C:\USERS\PETER\Cookies\Z5NLAM39.txt [ Cookie:peter@atdmt.com/ ]
        C:\USERS\PETER\Cookies\VX97VFDI.txt [ Cookie:peter@adform.net/ ]
        C:\USERS\PETER\Cookies\D7SOKKA0.txt [ Cookie:peter@server.iad.liveperson.net/ ]
        C:\USERS\PETER\Cookies\5TA7PIEI.txt [ Cookie:peter@im.banner.t-online.de/ ]
        C:\USERS\PETER\Cookies\POUA0PHD.txt [ Cookie:peter@www.googleadservices.com/pagead/conversion/1061953847/ ]
        C:\USERS\PETER\Cookies\TBHY1HGZ.txt [ Cookie:peter@at.atwola.com/ ]
        C:\USERS\PETER\Cookies\CKOBUP0T.txt [ Cookie:peter@apmebf.com/ ]
        C:\USERS\PETER\Cookies\I26H6LTJ.txt [ Cookie:peter@ad.yieldmanager.com/ ]
        C:\USERS\PETER\Cookies\LF8J6CLQ.txt [ Cookie:peter@eas.apm.emediate.eu/ ]
        C:\USERS\PETER\Cookies\QQ5ZGE54.txt [ Cookie:peter@mediaplex.com/ ]
        C:\USERS\PETER\Cookies\CJAS9XP6.txt [ Cookie:peter@adbrite.com/ ]
        C:\USERS\PETER\Cookies\WMR22KQ2.txt [ Cookie:peter@doubleclick.net/ ]
        C:\USERS\PETER\Cookies\SFWB7JHI.txt [ Cookie:peter@www.etracker.de/ ]
        .divx.112.2o7.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\CHRISTIAN@ATDMT[1].TXT [ /ATDMT ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\CHRISTIAN@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\CHRISTIAN@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@2O7[1].TXT [ /2O7 ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@ATDMT[2].TXT [ /ATDMT ]
        L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        www.etracker.de [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .first-internet-sex-shop.at [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .first-internet-sex-shop.at [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .divx.112.2o7.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        clickz.lonelycheatingwives.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        clickz.gettraffic.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        livestat.derstandard.at [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        www.first-internet-sex-shop.at [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .first-internet-sex-shop.at [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ L:\HARDDISK_CW\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4UE6LK9.DEFAULT\COOKIES.SQLITE ]
        L:\HARDDISK_CW\HELGA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HELGA@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        L:\HARDDISK_CW\HELGA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HELGA@ATDMT[2].TXT [ /ATDMT ]
        accounts.youtube.com [ C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .accounts.google.com [ C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .accounts.google.com [ C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        accounts.google.com [ C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        accounts.google.com [ C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ads2.vincentz.de [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RZBGW212.DEFAULT\COOKIES.SQLITE ]
        cdn2.invitemedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7VVKA97 ]
        content.yieldmanager.edgesuite.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7VVKA97 ]
        s0.2mdn.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7VVKA97 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@FINDCDCOVERS[2].TXT [ /FINDCDCOVERS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[7].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[4].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[5].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[3].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EHG-ADIDAS.HITBOX[2].TXT [ /EHG-ADIDAS.HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.TREIBER[2].TXT [ /ADS.TREIBER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.CLICKMANAGE[2].TXT [ /WWW.CLICKMANAGE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.TRUSTEDOPINION[1].TXT [ /AD.TRUSTEDOPINION ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.BRIDGETRACK[2].TXT [ /ADS.BRIDGETRACK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WEBCOUNT.FERATEL[2].TXT [ /WEBCOUNT.FERATEL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKING.3GNET[1].TXT [ /TRACKING.3GNET ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MEDIA.ADREVOLVER[1].TXT [ /MEDIA.ADREVOLVER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKER.TREKWORLD[1].TXT [ /TRACKER.TREKWORLD ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BROWNSHOE.112.2O7[1].TXT [ /BROWNSHOE.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MEDIAMARKT[2].TXT [ /MEDIAMARKT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[8].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TACODA[1].TXT [ /TACODA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SKYDEUTSCHLAND.122.2O7[1].TXT [ /SKYDEUTSCHLAND.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@OPENXXX.VIRAGEMEDIA[2].TXT [ /OPENXXX.VIRAGEMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@FL01.CT2.COMCLICK[1].TXT [ /FL01.CT2.COMCLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TTO2.TRAFFICTRACK[1].TXT [ /TTO2.TRAFFICTRACK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LFSTMEDIA[2].TXT [ /LFSTMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CHITIKA[2].TXT [ /CHITIKA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRAFFICMP[1].TXT [ /TRAFFICMP ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WOTIFCOM.112.2O7[1].TXT [ /WOTIFCOM.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STATS.N1Q[1].TXT [ /STATS.N1Q ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVER.IAD.LIVEPERSON[1].TXT [ /SERVER.IAD.LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.MAD4MEDIA[1].TXT [ /WWW.MAD4MEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@E-2DJ6WNLOWGC5OGP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WNLOWGC5OGP.STATS.ESOMNITURE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@NEXTAG[2].TXT [ /NEXTAG ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@REVSCI[1].TXT [ /REVSCI ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADBRITE[1].TXT [ /ADBRITE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.MAMBOCOMMUNITIES[2].TXT [ /ADS.MAMBOCOMMUNITIES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CLICKANDBUY[1].TXT [ /CLICKANDBUY ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SOULCOUNTRY[1].TXT [ /SOULCOUNTRY ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@NERO.122.2O7[1].TXT [ /NERO.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADSERVER.3DIGIT[1].TXT [ /ADSERVER.3DIGIT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKALYZER[1].TXT [ /TRACKALYZER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SONYEUROPE.112.2O7[1].TXT [ /SONYEUROPE.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@YADRO[1].TXT [ /YADRO ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADSERVER.TRAFFICTRACK[2].TXT [ /ADSERVER.TRAFFICTRACK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.CRAKMEDIA[1].TXT [ /ADS.CRAKMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@DFB.STATS.YUM[1].TXT [ /DFB.STATS.YUM ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@IACAS.ADBUREAU[1].TXT [ /IACAS.ADBUREAU ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADSERVX.OMG.COM[1].TXT [ /ADSERVX.OMG.COM ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.QUARTERMEDIA[2].TXT [ /ADS.QUARTERMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.ZEUSCLICKS[1].TXT [ /ADS.ZEUSCLICKS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LIVESTAT.DERSTANDARD[1].TXT [ /LIVESTAT.DERSTANDARD ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRAVELADVERTISING[2].TXT [ /TRAVELADVERTISING ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SHOPPING.112.2O7[1].TXT [ /SHOPPING.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MEDIA.SENSIS.COM[1].TXT [ /MEDIA.SENSIS.COM ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ATDMT[2].TXT [ /ATDMT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@REVENUE[2].TXT [ /REVENUE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MICROSOFTINTERNETEXPLORER.112.2O7[1].TXT [ /MICROSOFTINTERNETEXPLORER.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CDN5.SPECIFICCLICK[1].TXT [ /CDN5.SPECIFICCLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.ZANOX[2].TXT [ /AD.ZANOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@REALMEDIA[2].TXT [ /REALMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SPORT-FINDEN[2].TXT [ /SPORT-FINDEN ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MICROSOFTMACHINETRANSLATION.112.2O7[1].TXT [ /MICROSOFTMACHINETRANSLATION.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@PHOTOBOX.112.2O7[1].TXT [ /PHOTOBOX.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@FASTCLICK[1].TXT [ /FASTCLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.BIGTRACKER[2].TXT [ /WWW.BIGTRACKER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STATS.PAYPAL[2].TXT [ /STATS.PAYPAL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SOCIALMEDIA[1].TXT [ /SOCIALMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@APMEBF[2].TXT [ /APMEBF ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SENSISMEDIASMART.COM[1].TXT [ /SENSISMEDIASMART.COM ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EHG-IMATION.HITBOX[2].TXT [ /EHG-IMATION.HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BLUESTREAK[1].TXT [ /BLUESTREAK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BIZRATE[1].TXT [ /BIZRATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@PARTY-DISCOUNT[2].TXT [ /PARTY-DISCOUNT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@E-2DJ6WNMYUJDPECO.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WNMYUJDPECO.STATS.ESOMNITURE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.ADSERVER01[1].TXT [ /AD.ADSERVER01 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@A6.ADSERVER01[1].TXT [ /A6.ADSERVER01 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@F2NETWORK.112.2O7[1].TXT [ /F2NETWORK.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS2.ADULTADVERTISING[1].TXT [ /ADS2.ADULTADVERTISING ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MAD4MEDIA[2].TXT [ /MAD4MEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.WARMNETWORKS[2].TXT [ /ADS.WARMNETWORKS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS1.ADULTADVERTISING[1].TXT [ /ADS1.ADULTADVERTISING ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKING.MLSAT02[1].TXT [ /TRACKING.MLSAT02 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LIVEPERSON[3].TXT [ /LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LIVEPERSON[1].TXT [ /LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@INTERCLICK[2].TXT [ /INTERCLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EHG-FUTUREPUB.HITBOX[1].TXT [ /EHG-FUTUREPUB.HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CN.CLICKABLE[1].TXT [ /CN.CLICKABLE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@E-2DJ6WDLIAHDZIEP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WDLIAHDZIEP.STATS.ESOMNITURE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ROTATOR.ADJUGGLER[1].TXT [ /ROTATOR.ADJUGGLER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@FARHEAP.122.2O7[1].TXT [ /FARHEAP.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACKING.MINDSHARE[1].TXT [ /TRACKING.MINDSHARE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.MEDIAMARKT[2].TXT [ /WWW.MEDIAMARKT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@NIKE.112.2O7[1].TXT [ /NIKE.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ZBOX.ZANOX[2].TXT [ /ZBOX.ZANOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@REWETOURISTIK.112.2O7[1].TXT [ /REWETOURISTIK.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MSNACCOUNTSERVICES.112.2O7[1].TXT [ /MSNACCOUNTSERVICES.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@XITI[1].TXT [ /XITI ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BWINCOM.122.2O7[1].TXT [ /BWINCOM.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ZEDO[1].TXT [ /ZEDO ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVER.LON.LIVEPERSON[4].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADSERVER.ADREACTOR[1].TXT [ /ADSERVER.ADREACTOR ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ACCOUNT.LIVE[2].TXT [ /ACCOUNT.LIVE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@E-2DJ6WGLYONAZCGO.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WGLYONAZCGO.STATS.ESOMNITURE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@CREATIVES.COMMINDO-MEDIA[2].TXT [ /CREATIVES.COMMINDO-MEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVER.LON.LIVEPERSON[1].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.GLISPA[2].TXT [ /ADS.GLISPA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LINK.MERCENT[1].TXT [ /LINK.MERCENT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@LIVENATION.122.2O7[1].TXT [ /LIVENATION.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SERVER.LON.LIVEPERSON[3].TXT [ /SERVER.LON.LIVEPERSON ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.WEBTREKK[3].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.TENNISEXPRESS[1].TXT [ /WWW.TENNISEXPRESS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STAT.DEALTIME[2].TXT [ /STAT.DEALTIME ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@HOTLOG[1].TXT [ /HOTLOG ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.WEBTREKK[5].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.WEBTREKK[4].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRACK.WEBTREKK[2].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@DREAMSINC.112.2O7[1].TXT [ /DREAMSINC.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STATCOUNTER[1].TXT [ /STATCOUNTER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STATS.ARVIS[2].TXT [ /STATS.ARVIS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.ADULTADVERTISING[2].TXT [ /ADS.ADULTADVERTISING ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.CLUBPORTAL[1].TXT [ /ADS.CLUBPORTAL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@POINTROLL[2].TXT [ /POINTROLL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@HITBOX[2].TXT [ /HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BEACON.DMSINSIGHTS[2].TXT [ /BEACON.DMSINSIGHTS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@2O7[1].TXT [ /2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD2.DOUBLEPIMP[1].TXT [ /AD2.DOUBLEPIMP ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@RAINBOWMEDIA.122.2O7[1].TXT [ /RAINBOWMEDIA.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ZANOX[2].TXT [ /ZANOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@A.REVENUEMAX[1].TXT [ /A.REVENUEMAX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADX.CHIP[2].TXT [ /ADX.CHIP ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADREVOLVER[2].TXT [ /ADREVOLVER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.BURSTNET[1].TXT [ /WWW.BURSTNET ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@E-2DJ6WFKIUOC5MBP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WFKIUOC5MBP.STATS.ESOMNITURE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.HTTPOOL[1].TXT [ /AD.HTTPOOL ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.DOODLE[1].TXT [ /ADS.DOODLE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AUDIT.MEDIAN[1].TXT [ /AUDIT.MEDIAN ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EHG-FIFA.HITBOX[1].TXT [ /EHG-FIFA.HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.UNDERTONE[2].TXT [ /ADS.UNDERTONE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EHG-NOKIAFIN.HITBOX[2].TXT [ /EHG-NOKIAFIN.HITBOX ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADVERTISER.CONTEXTMATTERS[1].TXT [ /ADVERTISER.CONTEXTMATTERS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[10].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADVIVA[1].TXT [ /ADVIVA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.GOOGLEADSERVICES[11].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EUROS4CLICK[1].TXT [ /EUROS4CLICK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@COUNTER.TOP[2].TXT [ /COUNTER.TOP ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@PASSENDE-GEDICHTE-FINDEN[2].TXT [ /PASSENDE-GEDICHTE-FINDEN ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.BEEPWORLD[1].TXT [ /AD.BEEPWORLD ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@AD.ADNET[2].TXT [ /AD.ADNET ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@DEUTSCHEPOSTAG.112.2O7[1].TXT [ /DEUTSCHEPOSTAG.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@IN.GETCLICKY[1].TXT [ /IN.GETCLICKY ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TOPLIST[1].TXT [ /TOPLIST ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@DEALTIME[2].TXT [ /DEALTIME ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@IMGW.ADBUREAU[2].TXT [ /IMGW.ADBUREAU ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@WWW.BIZRATE[2].TXT [ /WWW.BIZRATE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADVERTISING[1].TXT [ /ADVERTISING ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@PARTYPOKER[2].TXT [ /PARTYPOKER ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@BURSTNET[2].TXT [ /BURSTNET ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@RTS.PGMEDIASERVE[2].TXT [ /RTS.PGMEDIASERVE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@VIDEO.SOULCOUNTRY[2].TXT [ /VIDEO.SOULCOUNTRY ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@PAYPAL.112.2O7[1].TXT [ /PAYPAL.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@EDSA.122.2O7[1].TXT [ /EDSA.122.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@ADS.KOHSAMUIWEBDESIGN[2].TXT [ /ADS.KOHSAMUIWEBDESIGN ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@STAT.ALDI[1].TXT [ /STAT.ALDI ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PETER@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@ATDMT[1].TXT [ /ATDMT ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@TRACK.WEBTREKK[1].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@TRACK.WEBTREKK[2].TXT [ /TRACK.WEBTREKK ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@2O7[2].TXT [ /2O7 ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@ADTECH[2].TXT [ /ADTECH ]
        C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PETER@PERF.OVERTURE[1].TXT [ /PERF.OVERTURE ]
        .2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ad.yieldmanager.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adrevolver.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adrevolver.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .adx.chip.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .audit.median.hu [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .bwincom.122.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .cdn5.specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .clickandbuy.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .clickandbuy.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .de.sitestat.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .de.sitestat.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .de.sitestat.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .de.sitestat.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .de.sitestat.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .dfb.stats.yum.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .dfb.stats.yum.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wfkiuoc5mbp.stats.esomniture.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .eas.apm.emediate.eu [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .farheap.122.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .findcdcovers.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fl01.ct2.comclick.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .fl01.ct2.comclick.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .imgw.adbureau.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .livenation.122.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .mad4media.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .media.adrevolver.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .media.sensis.com.au [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .media.sensis.com.au [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .microsoftinternetexplorer.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .microsoftmachinetranslation.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .msnaccountservices.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .nero.122.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .nike.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .openxxx.viragemedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .party-discount.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .paypal.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .rainbowmedia.122.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .revenue.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .rewetouristik.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .rts.pgmediaserve.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .sevenoneintermedia.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .socialmedia.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .sonyeurope.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .soulcountry.at [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .sport-finden.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .stats.arvis.it [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .stats.paypal.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .statse.webtrendslive.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .track.webtrekk.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .track.webtrekk.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .track.webtrekk.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .trackalyzer.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tracking.3gnet.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .trafficmp.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .trafficmp.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .trafficmp.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .tto2.traffictrack.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .video.soulcountry.at [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .webcount.feratel.at [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .wotifcom.112.2o7.net [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .www.bigtracker.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .www.zanox-affiliate.de [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .zbox.zanox.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\WINDOWS.OLD\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MR2X52I9.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeDoc
        L:\BILDER\ICONS\NEW ICON LWNMWRMAN.DEVIANTART UPDATE.ICL
        C:\USERS\PETER\PICTURES\ICONS\NEW ICON LWNMWRMAN.DEVIANTART UPDATE.ICL
        C:\WINDOWS.OLD\USERS\PETER\PICTURES\ICONS\NEW ICON LWNMWRMAN.DEVIANTART UPDATE.ICL

Trojan.Dropper/Win-NV
        C:\WINDOWS.OLD\PROGRAM FILES (X86)\DELL SUPPORT CENTER\HWDIAG\BIN\HTTP.DLL
        C:\WINDOWS.OLD\PROGRAM FILES (X86)\WIN2DAY POKER\UPDATE.EXE

Gruß,
Peter

cosinus 11.08.2012 15:14

IMHO nur Fehlalarme von SASW und Cookies

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ph1979 13.08.2012 11:12

Das klingt ja schon sehr gut. Mein System läuft so weit ich es beurteilen kann wieder ohne Probleme.

Vielen Dank für die detailierten Ausführungen betreffend den Cookies.

- Kann ich SuperAntiSpyware wieder deinstallieren?
- Was ist mit den restlichen Tools (OTL, aswMBR, ComboFix, tdsskiller, OSAM, etc.) soll ich sie wieder entfernen?

Herzliche Grüße,

Peter

cosinus 13.08.2012 17:40

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

ph1979 14.08.2012 11:05

Super. :dankeschoen:

Möchte mich ganz herzlich bei dir für die ausgezeichnete Betreuung und Hilfeleistung zu meinem Problem bedanken.

Finde es toll, dass es euch gibt! Danke nochmals!

Herzliche Grüße,

Peter


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:20 Uhr.

Copyright ©2000-2021, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58