Trojaner-Board


Waterdragon 11.08.2012 17:53

Trojan AT/ATRAPS.GEN2, help with removal
 
Hello everyone,

I have caught the trojan AT/ATRAPS.GEN2. Avira raises an alert every few minutes, but neither quarantine nor removal has any effect. Could you please help me remove the trojan from the system?

As a precaution, I have already created the logs from Defogger, OTL, MBAM and ESET:

Defogger:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:39 on 11/08/2012 (Maus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL.txt:
Code:

OTL logfile created on: 11.08.2012 13:49:11 - Run 2
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free
8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 32 BE 78 E3 6C CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_ptnrs=%5EABT&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.05.01 16:01:27 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 21:27:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.08 21:02:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.07 09:25:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.04 12:26:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.04 12:26:37 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.15 11:58:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.15 11:58:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.15 11:58:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.15 11:58:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.15 11:58:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.15 11:58:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.15 11:58:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.15 11:58:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.15 11:58:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.15 11:58:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.15 11:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.15 11:58:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.15 11:58:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 11:57:10 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 11:57:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 11:57:05 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 13:24:10 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.11 13:24:10 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.11 13:24:10 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.11 13:24:10 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.11 13:24:10 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 21:27:17 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | M] () -- C:\Users\Maus\defogger_reenable
[2012.08.08 20:57:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.08 20:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Maus\Desktop\Defogger.exe
[2012.08.07 09:25:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.07 08:44:17 | 000,003,584 | ---- | M] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 12:26:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.04 12:26:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.15 12:07:04 | 000,255,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.11 13:22:56 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.11 11:08:54 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.11 11:08:54 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.08 21:27:17 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.08.08 20:58:13 | 000,050,477 | ---- | C] () -- C:\Users\Maus\Desktop\Defogger.exe
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.08.11 11:50:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras.txt:
Code:

OTL Extras logfile created on: 11.08.2012 13:49:11 - Run 2
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free
8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9D C2 5A C1 A5 40 CD 01  [binary data]
"VistaSp2" = 61 F0 43 92 CF 40 CD 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"dm-Fotowelt" = dm-Fotowelt
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 15:22:07 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0x6fc, Anwendungsstartzeit 01cd59512305e817.
 
Error - 03.07.2012 15:22:39 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0xf20, Anwendungsstartzeit 01cd595135b61617.
 
Error - 05.07.2012 09:42:22 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_262.exe, Version
11.3.300.262, Zeitstempel 0x4fe20fae, fehlerhaftes Modul NPSWF32_11_3_300_262.dll,
 Version 11.3.300.262, Zeitstempel 0x4fe21212, Ausnahmecode 0xc0000005, Fehleroffset
 0x0066d2ff,  Prozess-ID 0x414, Anwendungsstartzeit 01cd5ab06224eb93.
 
Error - 06.07.2012 11:18:02 | Computer Name = Maus-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 06.07.2012 16:14:46 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dm-Fotowelt.exe, Version 0.0.0.0, Zeitstempel
 0x4fbc8b1d, fehlerhaftes Modul QtGui4.dll, Version 4.7.1.0, Zeitstempel 0x4e5e511b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0044c4e3,  Prozess-ID 0x1270, Anwendungsstartzeit
 01cd5bb2c2ffaf20.
 
Error - 03.08.2012 03:25:02 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: d70  Anfangszeit: 01cd7142895c027c  Zeitpunkt der
 Beendigung: 31
 
Error - 07.08.2012 02:38:54 | Computer Name = Maus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.6.0, Zeitstempel 0x4bb3ad56,
 fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode
 0xc0000138, Fehleroffset 0x0006f52f,  Prozess-ID 0x1154, Anwendungsstartzeit 01cd74674ead6fd8.
 
Error - 07.08.2012 03:25:02 | Computer Name = Maus-PC | Source = System Restore | ID = 8193
Description =
 
Error - 07.08.2012 03:30:03 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: f10  Anfangszeit: 01cd74664c50c808  Zeitpunkt der
 Beendigung: 16
 
Error - 08.08.2012 15:39:45 | Computer Name = Maus-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\__TROJANER\Tools\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
[ System Events ]
Error - 10.08.2012 11:57:48 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003
Description =
 
 
< End of report >

MBAM Quickscan:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Maus :: MAUS-PC [Administrator]

Schutz: Aktiviert

11.08.2012 14:01:01
quick_mbam-log-2012-08-11 (14-02-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 187276
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt.

(Ende)

MBAM Fullscan:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Maus :: MAUS-PC [Administrator]

Schutz: Aktiviert

11.08.2012 14:03:48
fullscan_mbam-log-2012-08-11 (15-49-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 546221
Laufzeit: 56 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt.
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe (PUP.BundleInstaller.DU) -> Keine Aktion durchgeführt.

(Ende)

ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d8e22ba478565479d53ad3231b62efe
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 02:04:43
# local_time=2012-08-11 04:04:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6468947 6468947 0 0
# compatibility_mode=5892 16776574 66 45 6063315 182217704 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=3251
# found=0
# cleaned=0
# scan_time=85
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d8e22ba478565479d53ad3231b62efe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 04:35:01
# local_time=2012-08-11 06:35:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6469193 6469193 0 0
# compatibility_mode=5892 16776574 66 45 6063561 182217950 0 0
# compatibility_mode=8192 67108863 100 0 370 370 0 0
# scanned=364216
# found=4
# cleaned=0
# scan_time=8857
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5ad13017-5e4c979f        a variant of Java/Exploit.CVE-2012-1723.AB trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@        Win64/Sirefef.AL trojan (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe        a variant of Win32/DownloadGuru application (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$RC18HX4.exe        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

Many thanks in advance!

Regards,
Waterdragon

cosinus 15.08.2012 17:19

Quote:

I have caught the trojan AT/ATRAPS.GEN2. Avira pops up every few minutes, but neither quarantine nor removal does any good.
Nice, and where are the logs for that? :confused:

Information like that is not enough; please post the complete details/logs from the virus scanners.

If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Waterdragon 15.08.2012 20:10

Hello,

in addition to the logs above, here is the log from Avira:

Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. August 2012  11:04

Es wird nach 4086926 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : MAUS-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE    : 12.3.0.33    468472 Bytes  08.08.2012 17:14:35
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL      : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17    232200 Bytes  28.05.2012 17:09:39
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 15:43:43
VBASE006.VDF  : 7.11.34.117    2048 Bytes  29.06.2012 15:43:43
VBASE007.VDF  : 7.11.34.118    2048 Bytes  29.06.2012 15:43:43
VBASE008.VDF  : 7.11.34.119    2048 Bytes  29.06.2012 15:43:43
VBASE009.VDF  : 7.11.34.120    2048 Bytes  29.06.2012 15:43:43
VBASE010.VDF  : 7.11.34.121    2048 Bytes  29.06.2012 15:43:43
VBASE011.VDF  : 7.11.34.122    2048 Bytes  29.06.2012 15:43:43
VBASE012.VDF  : 7.11.34.123    2048 Bytes  29.06.2012 15:43:43
VBASE013.VDF  : 7.11.34.124    2048 Bytes  29.06.2012 15:43:43
VBASE014.VDF  : 7.11.38.18  2554880 Bytes  30.07.2012 09:48:06
VBASE015.VDF  : 7.11.38.70    556032 Bytes  31.07.2012 09:48:07
VBASE016.VDF  : 7.11.38.143  171008 Bytes  02.08.2012 12:59:02
VBASE017.VDF  : 7.11.38.221  178176 Bytes  06.08.2012 06:35:33
VBASE018.VDF  : 7.11.39.37    168448 Bytes  08.08.2012 17:14:33
VBASE019.VDF  : 7.11.39.89    131072 Bytes  09.08.2012 09:18:42
VBASE020.VDF  : 7.11.39.90      2048 Bytes  09.08.2012 09:18:42
VBASE021.VDF  : 7.11.39.91      2048 Bytes  09.08.2012 09:18:42
VBASE022.VDF  : 7.11.39.92      2048 Bytes  09.08.2012 09:18:42
VBASE023.VDF  : 7.11.39.93      2048 Bytes  09.08.2012 09:18:42
VBASE024.VDF  : 7.11.39.94      2048 Bytes  09.08.2012 09:18:42
VBASE025.VDF  : 7.11.39.95      2048 Bytes  09.08.2012 09:18:42
VBASE026.VDF  : 7.11.39.96      2048 Bytes  09.08.2012 09:18:42
VBASE027.VDF  : 7.11.39.97      2048 Bytes  09.08.2012 09:18:42
VBASE028.VDF  : 7.11.39.98      2048 Bytes  09.08.2012 09:18:42
VBASE029.VDF  : 7.11.39.99      2048 Bytes  09.08.2012 09:18:43
VBASE030.VDF  : 7.11.39.100    2048 Bytes  09.08.2012 09:18:43
VBASE031.VDF  : 7.11.39.120    51712 Bytes  10.08.2012 09:18:43
Engineversion  : 8.2.10.132
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 06:31:23
AESCRIPT.DLL  : 8.1.4.42      459129 Bytes  10.08.2012 09:18:44
AESCN.DLL      : 8.1.8.2      131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  25.06.2012 08:24:58
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL    : 8.3.0.24      811381 Bytes  08.08.2012 17:14:34
AEOFFICE.DLL  : 8.1.2.42      201083 Bytes  20.07.2012 07:24:19
AEHEUR.DLL    : 8.1.4.86    5165429 Bytes  10.08.2012 09:18:44
AEHELP.DLL    : 8.1.23.2      258422 Bytes  28.06.2012 15:13:38
AEGEN.DLL      : 8.1.5.34      434548 Bytes  20.07.2012 07:24:14
AEEXP.DLL      : 8.1.0.74      86387 Bytes  03.08.2012 12:59:06
AEEMU.DLL      : 8.1.3.2      393587 Bytes  11.07.2012 06:31:22
AECORE.DLL    : 8.1.27.4      201078 Bytes  08.08.2012 17:14:34
AEBB.DLL      : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL    : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15    179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL    : 12.3.0.15    211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL    : 12.3.0.32      63480 Bytes  08.08.2012 17:14:35
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 17:14:33
RCTEXT.DLL    : 12.3.0.31    100088 Bytes  08.08.2012 17:14:33

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5026201b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Samstag, 11. August 2012  11:04

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@'
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '550389f1.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@'
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d94a656.qua' verschoben!


Ende des Suchlaufs: Samstag, 11. August 2012  11:05
Benötigte Zeit: 00:08 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    14 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    12 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise


Regards,
Marco

cosinus 16.08.2012 09:06

adwCleaner - finding toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Waterdragon 16.08.2012 18:23

Hello,

here is the AdwCleaner log:
Code:

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 19:21:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Maus - MAUS-PC
# Boot Mode : Normal
# Running from : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Maus\AppData\Local\AskToolbar
Folder Found : C:\Users\Maus\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Maus\AppData\LocalLow\AskToolbar
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\AskToolbar
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [6299 octets] - [16/08/2012 19:21:57]

########## EOF - C:\AdwCleaner[R1].txt - [6427 octets] ##########

Regards,
Marco

cosinus 17.08.2012 19:15

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Waterdragon 18.08.2012 17:27

Hello,

and here is the log after the Delete:

Code:

# AdwCleaner v1.801 - Logfile created 08/18/2012 at 18:23:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Maus - MAUS-PC
# Boot Mode : Normal
# Running from : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Maus\AppData\Local\AskToolbar
Deleted on reboot : C:\Users\Maus\AppData\Local\Temp\AskSearch
Deleted on reboot : C:\Users\Maus\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4447 octets] - [18/08/2012 18:23:06]

########## EOF - C:\AdwCleaner[S1].txt - [4575 octets] ##########

Regards,
Marco

cosinus 20.08.2012 16:19

I have two questions before we continue:

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Waterdragon 20.08.2012 16:47

Windows runs without problems and nothing seems to be missing from the Start menu.

Regards,
Marco

cosinus 21.08.2012 11:55

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Waterdragon 21.08.2012 16:00

Hello,

and here is the log of the OTL quick scan:

OTL Logfile:
Code:

OTL logfile created on: 21.08.2012 16:46:30 - Run 3
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,17 Gb Paging File | 6,63 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 10,89 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,74 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,50 Gb Free Space | 80,89% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 53,51 Gb Free Space | 68,49% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 49,26 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,21 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccess) -- I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F3 C7 4D D7 7B CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 16:43:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.08.11 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.08 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 21:27:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.07 09:25:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 16:48:54 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 16:48:54 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 16:48:54 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.21 16:48:53 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 16:48:53 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 16:43:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.21 16:41:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 16:41:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 16:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 19:20:14 | 000,618,227 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.08 21:00:10 | 000,000,000 | ---- | M] () -- C:\Users\Maus\defogger_reenable
[2012.08.07 09:25:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.07 08:44:17 | 000,003,584 | ---- | M] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.19 09:57:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.19 09:57:19 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.17 17:11:36 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.16 19:21:00 | 000,618,227 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.08.21 14:51:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe
[2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI
[2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities
[2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia
[2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs
[2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM
[2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<      >

< End of report >
--- --- ---

Regards,
Marco

cosinus 30.08.2012 11:26

Code:

Drive C: | 48,83 Gb Total Space | 10,89 Gb Free Space | 22,31% Space Free | Partition Type: NTFS
Drive D: |  2,87 Gb Total Space |  2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,74 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,50 Gb Free Space | 80,89% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space |  8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 53,51 Gb Free Space | 68,49% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 49,26 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,21 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: |  9,77 Gb Total Space |  1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS


Are those really that many different drives, or did you go a little overboard with the partitioning? :confused:

Waterdragon 30.08.2012 12:23

All partitions. One each for Vista, XP and Linux, and the rest separated "by topic". Though one or two fewer would have done as well ;). Is that a problem?

cosinus 30.08.2012 19:30

Well, I wouldn't have used so many splinter partitions.
One partition per operating system makes sense, but you say you have one for Linux? I only quoted NTFS partitions up there :pfeiff:

And as for the thematic separation, I also see some drawbacks under certain circumstances: instead of inflexible "static" partitions you could have used several directories; that's what folders are for.

Waterdragon 02.09.2012 18:04

Yes, there are ext2 and swap as well. The tool probably didn't detect or display them ...

Quote:

And as for the thematic separation, I also see some drawbacks under certain circumstances
What drawbacks are there?


How do we continue with the Trojan, or does the number of partitions get in the way?

Regards,
Waterdragon

cosinus 03.09.2012 19:34

Quote:

Yes, there are ext2 and swap as well. The tool probably didn't detect or display them ...
OTL doesn't show those either - which would mean you have even more partitions.

Quote:

or does the number of partitions get in the way?
No, but when I see something like this I always ask.
I think it's fairly pointless to create so many partitions; after all, it has long been possible to create directories pretty much however you like.

Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Waterdragon 04.09.2012 18:09

Hi,

the current adwCleaner produces the following output:

Code:

# AdwCleaner v2.000 - Datei am 09/04/2012 um 19:05:36 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Maus - MAUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4570 octets] - [18/08/2012 18:23:06]
AdwCleaner[R2].txt - [1056 octets] - [04/09/2012 19:05:36]

########## EOF - C:\AdwCleaner[R2].txt - [1116 octets] ##########

Regards,
Waterdragon

cosinus 04.09.2012 19:43

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Waterdragon 05.09.2012 18:37

Hi!

And here is the output after the deletion run:

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 19:31:19 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Maus - MAUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4570 octets] - [18/08/2012 18:23:06]
AdwCleaner[R2].txt - [1185 octets] - [04/09/2012 19:05:36]
AdwCleaner[R3].txt - [1245 octets] - [04/09/2012 19:07:57]
AdwCleaner[S2].txt - [1540 octets] - [05/09/2012 19:31:19]

########## EOF - C:\AdwCleaner[S2].txt - [1600 octets] ##########

Regards,
Waterdragon

cosinus 06.09.2012 12:39

I have two questions before we go on

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Waterdragon 06.09.2012 17:48

Hi cosinus,

everything works normally, nothing is missing in the Start menu, no empty folders.

Regards,
Waterdragon

cosinus 06.09.2012 20:37

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Waterdragon 08.09.2012 18:08

Hi!

And here is the log of the OTL scan:

Code:

OTL logfile created on: 08.09.2012 18:56:09 - Run 4
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,69% Memory free
8,17 Gb Paging File | 6,80 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 12,52 Gb Free Space | 25,64% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,81% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,33 Gb Free Space | 31,39% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,74 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,52 Gb Free Space | 80,93% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 51,70 Gb Free Space | 66,18% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 49,26 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
Drive L: | 39,07 Gb Total Space | 16,21 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccess) -- I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 49 7C B7 4F 8C CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.25 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\NeoSmart_Technologies
[2012.08.25 17:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012.08.22 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Unity
[2012.08.21 16:43:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.08.11 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 19:00:36 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.08 19:00:36 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.08 19:00:36 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.08 19:00:36 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.08 19:00:36 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.08 18:53:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 18:53:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 18:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 19:04:56 | 000,511,265 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.21 16:43:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.04 19:04:55 | 000,511,265 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.24 18:49:39 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.24 18:45:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.17 17:11:36 | 000,001,792 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.09.07 12:42:46 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe
[2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI
[2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities
[2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia
[2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs
[2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM
[2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

Regards,
Waterdragon

cosinus 10.09.2012 15:21

Code:

OTL by OldTimer - Version 3.2.58.1

Why didn't you download a fresh copy of OTL beforehand?

Waterdragon 10.09.2012 19:35

Arrr ... I had overlooked that. So here is the log again after the scan with the current version:

Code:

OTL logfile created on: 10.09.2012 20:23:37 - Run 5
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Maus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,30% Memory free
8,17 Gb Paging File | 6,80 Gb Available in Paging File | 83,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 13,43 Gb Free Space | 27,50% Space Free | Partition Type: NTFS
Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,81% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,33 Gb Free Space | 31,39% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,71 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 39,52 Gb Free Space | 80,93% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 51,56 Gb Free Space | 65,99% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive K: | 78,13 Gb Total Space | 55,27 Gb Free Space | 70,74% Space Free | Partition Type: NTFS
Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS
Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccess) -- I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 49 7C B7 4F 8C CD 01  [binary data]
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions
[2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions
[2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 20:21:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.09.10 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.08.25 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\NeoSmart_Technologies
[2012.08.25 17:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012.08.22 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Unity
[2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP Hash
[2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.10 20:27:15 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.10 20:27:15 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.10 20:27:15 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.10 20:27:15 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.10 20:27:15 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.10 20:22:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2012.09.10 20:20:04 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 20:20:04 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 20:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 19:04:56 | 000,511,265 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.04 19:04:55 | 000,511,265 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe
[2012.08.24 18:49:39 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@
[2012.08.24 18:45:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@
[2012.08.17 17:11:36 | 000,001,792 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@
[2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@
[2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe
[2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.09.10 17:43:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe
[2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI
[2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira
[2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited
[2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF
[2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER
[2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities
[2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia
[2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs
[2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft
[2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org
[2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM
[2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

Regards,
Waterdragon

cosinus 10.09.2012 21:08

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
:Files
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}
C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Waterdragon 11.09.2012 19:02

Hi!

Here is the log that opened after the reboot:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
File  not found.
F:\Auto.md5 moved successfully.
Folder move failed. C:\Windows\SysNative\2C0A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0C0A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0C04 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0816 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0804 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0424 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041F scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041E scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041D scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041B scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0419 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0416 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0415 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0414 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0413 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0412 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0411 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0410 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040E scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040D scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040C scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040B scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0409 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0408 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0406 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0405 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0404 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0401 scheduled to be moved on reboot.
========== FILES ==========
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U folder moved successfully.
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\L folder moved successfully.
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4} folder moved successfully.
C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U folder moved successfully.
C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\L folder moved successfully.
C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4} folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000 not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Maus\Desktop\cmd.bat deleted successfully.
C:\Users\Maus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Maus
->Temp folder emptied: 748102 bytes
->Temporary Internet Files folder emptied: 85484160 bytes
->FireFox cache emptied: 713748275 bytes
->Flash cache emptied: 99202 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24610300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111620528 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 750 bytes
RecycleBin emptied: 12183983 bytes
 
Total Files Cleaned = 905,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09112012_194748

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\SysNative\2C0A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0C0A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0C04 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0816 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0804 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0424 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041F scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041E scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041D scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\041B scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0419 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0416 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0415 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0414 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0413 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0412 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0411 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0410 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040E scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040D scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040C scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040B scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\040A scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0409 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0408 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0406 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0405 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0404 scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\0401 scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\adoapn_AppNexusDemoActionTag_1[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\gossipcenter[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\if[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\st[11] not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\banner[5].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\banner[6].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\djs28[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\gossipcenter[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\iframe3[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\like[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\NoScript[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\NoScript[2].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[4].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pixel[1].gif moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\plusone[2].js not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\statstracker[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[4] not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\vFBea8GMEQM[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\video[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\view[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\view[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\banner[5].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\ca[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\d[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\gossipcenter_com[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\knw79[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\load[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWWU1XW0\chevrolet-corvette-zr1-chases-200-mph-in-europe-epic-drives-episode-3[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5X7SUTQ\zsa52[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H83NKII6\pd[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARIXYACZ\xxz97[1].htm moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Regards,
Waterdragon

cosinus 11.09.2012 23:09

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Waterdragon 14.09.2012 18:43

Hi!

Here is the log from TDSS-Killer:

Code:

19:38:49.0462 3812  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:38:49.0618 3812  ============================================================
19:38:49.0618 3812  Current date / time: 2012/09/14 19:38:49.0618
19:38:49.0618 3812  SystemInfo:
19:38:49.0618 3812 
19:38:49.0618 3812  OS Version: 6.0.6002 ServicePack: 2.0
19:38:49.0618 3812  Product type: Workstation
19:38:49.0618 3812  ComputerName: MAUS-PC
19:38:49.0618 3812  UserName: Maus
19:38:49.0618 3812  Windows directory: C:\Windows
19:38:49.0618 3812  System windows directory: C:\Windows
19:38:49.0618 3812  Running under WOW64
19:38:49.0618 3812  Processor architecture: Intel x64
19:38:49.0618 3812  Number of processors: 4
19:38:49.0618 3812  Page size: 0x1000
19:38:49.0618 3812  Boot type: Normal boot
19:38:49.0618 3812  ============================================================
19:38:50.0492 3812  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:50.0507 3812  ============================================================
19:38:50.0507 3812  \Device\Harddisk0\DR0:
19:38:50.0507 3812  MBR partitions:
19:38:50.0507 3812  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5BEC78
19:38:50.0507 3812  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5BECF6, BlocksNum 0x61AB7E8
19:38:50.0507 3812  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x676A51D, BlocksNum 0x61AB7E8
19:38:50.0523 3812  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC915D44, BlocksNum 0x61AB7E8
19:38:50.0523 3812  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x12AC156B, BlocksNum 0x61AB7E8
19:38:50.0523 3812  \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x18C6CD92, BlocksNum 0x9C41AD8
19:38:50.0538 3812  \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x228AE8A9, BlocksNum 0x9C41AD8
19:38:50.0554 3812  \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x2C4F03C0, BlocksNum 0x9C41AD8
19:38:50.0554 3812  \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x36131ED7, BlocksNum 0x9C41AD8
19:38:50.0585 3812  \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0x44B966DA, BlocksNum 0x30D7B35
19:38:50.0585 3812  \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0x47C6E24E, BlocksNum 0x1388AFC
19:38:50.0616 3812  ============================================================
19:38:50.0632 3812  C: <-> \Device\Harddisk0\DR0\Partition3
19:38:50.0663 3812  D: <-> \Device\Harddisk0\DR0\Partition1
19:38:50.0663 3812  E: <-> \Device\Harddisk0\DR0\Partition2
19:38:50.0694 3812  F: <-> \Device\Harddisk0\DR0\Partition4
19:38:50.0710 3812  G: <-> \Device\Harddisk0\DR0\Partition5
19:38:50.0726 3812  H: <-> \Device\Harddisk0\DR0\Partition6
19:38:50.0757 3812  I: <-> \Device\Harddisk0\DR0\Partition7
19:38:50.0804 3812  J: <-> \Device\Harddisk0\DR0\Partition8
19:38:50.0835 3812  K: <-> \Device\Harddisk0\DR0\Partition9
19:38:50.0850 3812  M: <-> \Device\Harddisk0\DR0\Partition10
19:38:50.0866 3812  N: <-> \Device\Harddisk0\DR0\Partition11
19:38:50.0866 3812  ============================================================
19:38:50.0866 3812  Initialize success
19:38:50.0866 3812  ============================================================
19:39:41.0675 2836  ============================================================
19:39:41.0675 2836  Scan started
19:39:41.0675 2836  Mode: Manual; SigCheck; TDLFS;
19:39:41.0675 2836  ============================================================
19:39:42.0206 2836  ================ Scan system memory ========================
19:39:42.0206 2836  System memory - ok
19:39:42.0206 2836  ================ Scan services =============================
19:39:42.0315 2836  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:39:42.0393 2836  ACPI - ok
19:39:42.0455 2836  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:39:42.0455 2836  AdobeARMservice - ok
19:39:42.0486 2836  [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
19:39:42.0518 2836  adp94xx - ok
19:39:42.0533 2836  [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
19:39:42.0564 2836  adpahci - ok
19:39:42.0580 2836  [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:39:42.0596 2836  adpu160m - ok
19:39:42.0611 2836  [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
19:39:42.0611 2836  adpu320 - ok
19:39:42.0642 2836  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:39:42.0720 2836  AeLookupSvc - ok
19:39:42.0752 2836  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
19:39:42.0783 2836  AFD - ok
19:39:42.0798 2836  [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:39:42.0798 2836  agp440 - ok
19:39:42.0814 2836  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
19:39:42.0830 2836  aic78xx - ok
19:39:42.0845 2836  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
19:39:42.0939 2836  ALG - ok
19:39:42.0954 2836  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:39:42.0970 2836  aliide - ok
19:39:42.0986 2836  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:43.0048 2836  AMD External Events Utility - ok
19:39:43.0095 2836  AMD FUEL Service - ok
19:39:43.0110 2836  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
19:39:43.0110 2836  amdide - ok
19:39:43.0126 2836  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
19:39:43.0142 2836  amdiox64 - ok
19:39:43.0142 2836  [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
19:39:43.0266 2836  AmdK8 - ok
19:39:43.0438 2836  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:43.0781 2836  amdkmdag - ok
19:39:43.0797 2836  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:43.0828 2836  amdkmdap - ok
19:39:43.0859 2836  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:39:43.0875 2836  AntiVirSchedulerService - ok
19:39:43.0890 2836  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:39:43.0890 2836  AntiVirService - ok
19:39:43.0922 2836  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:39:43.0937 2836  AntiVirWebService - ok
19:39:43.0984 2836  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:39:43.0984 2836  AODDriver4.1 - ok
19:39:44.0000 2836  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
19:39:44.0031 2836  Appinfo - ok
19:39:44.0046 2836  [ 2E8623F2FED998A97129A3DB919551C8 ] arc            C:\Windows\system32\drivers\arc.sys
19:39:44.0046 2836  arc - ok
19:39:44.0078 2836  [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:39:44.0093 2836  arcsas - ok
19:39:44.0109 2836  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:44.0140 2836  AsyncMac - ok
19:39:44.0171 2836  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
19:39:44.0187 2836  atapi - ok
19:39:44.0202 2836  [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
19:39:44.0218 2836  AtiHDAudioService - ok
19:39:44.0249 2836  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:39:44.0280 2836  AudioEndpointBuilder - ok
19:39:44.0296 2836  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:39:44.0327 2836  AudioSrv - ok
19:39:44.0343 2836  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:39:44.0343 2836  avgntflt - ok
19:39:44.0358 2836  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:39:44.0374 2836  avipbb - ok
19:39:44.0374 2836  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:39:44.0390 2836  avkmgr - ok
19:39:44.0390 2836  blbdrive - ok
19:39:44.0405 2836  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:39:44.0421 2836  bowser - ok
19:39:44.0436 2836  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:39:44.0452 2836  BrFiltLo - ok
19:39:44.0468 2836  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:39:44.0499 2836  BrFiltUp - ok
19:39:44.0514 2836  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
19:39:44.0546 2836  Browser - ok
19:39:44.0561 2836  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
19:39:44.0608 2836  Brserid - ok
19:39:44.0624 2836  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:39:44.0655 2836  BrSerWdm - ok
19:39:44.0670 2836  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:39:44.0733 2836  BrUsbMdm - ok
19:39:44.0748 2836  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:39:44.0811 2836  BrUsbSer - ok
19:39:44.0826 2836  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:39:44.0858 2836  BTHMODEM - ok
19:39:44.0873 2836  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:39:44.0936 2836  cdfs - ok
19:39:44.0951 2836  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:39:44.0967 2836  cdrom - ok
19:39:44.0998 2836  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
19:39:45.0029 2836  CertPropSvc - ok
19:39:45.0029 2836  [ F28F00596824058BC61D5EDF434C9B82 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:39:45.0076 2836  circlass - ok
19:39:45.0092 2836  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
19:39:45.0107 2836  CLFS - ok
19:39:45.0170 2836  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:45.0170 2836  clr_optimization_v2.0.50727_32 - ok
19:39:45.0201 2836  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:45.0201 2836  clr_optimization_v2.0.50727_64 - ok
19:39:45.0216 2836  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:39:45.0216 2836  cmdide - ok
19:39:45.0232 2836  [ 0E77A445640BF310817F60941C50560C ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:39:45.0232 2836  Compbatt - ok
19:39:45.0248 2836  COMSysApp - ok
19:39:45.0248 2836  [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
19:39:45.0248 2836  crcdisk - ok
19:39:45.0279 2836  [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:39:45.0310 2836  CryptSvc - ok
19:39:45.0326 2836  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:39:45.0388 2836  DcomLaunch - ok
19:39:45.0419 2836  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:39:45.0450 2836  DfsC - ok
19:39:45.0513 2836  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
19:39:45.0653 2836  DFSR - ok
19:39:45.0669 2836  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:39:45.0700 2836  Dhcp - ok
19:39:45.0700 2836  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
19:39:45.0716 2836  disk - ok
19:39:45.0731 2836  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:39:45.0762 2836  Dnscache - ok
19:39:45.0778 2836  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:39:45.0794 2836  dot3svc - ok
19:39:45.0825 2836  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
19:39:45.0872 2836  DPS - ok
19:39:45.0887 2836  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:39:45.0918 2836  drmkaud - ok
19:39:45.0950 2836  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:39:45.0981 2836  DXGKrnl - ok
19:39:46.0012 2836  [ D57FE09B575545738A73A0C193D0616A ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
19:39:46.0043 2836  E1G60 - ok
19:39:46.0090 2836  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
19:39:46.0121 2836  EapHost - ok
19:39:46.0152 2836  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:39:46.0152 2836  Ecache - ok
19:39:46.0184 2836  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:39:46.0230 2836  ehRecvr - ok
19:39:46.0246 2836  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
19:39:46.0262 2836  ehSched - ok
19:39:46.0277 2836  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
19:39:46.0308 2836  ehstart - ok
19:39:46.0324 2836  [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor        C:\Windows\system32\drivers\elxstor.sys
19:39:46.0340 2836  elxstor - ok
19:39:46.0355 2836  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
19:39:46.0386 2836  EMDMgmt - ok
19:39:46.0402 2836  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
19:39:46.0449 2836  EventSystem - ok
19:39:46.0464 2836  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
19:39:46.0480 2836  exfat - ok
19:39:46.0496 2836  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:39:46.0511 2836  fastfat - ok
19:39:46.0527 2836  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:39:46.0558 2836  fdc - ok
19:39:46.0589 2836  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
19:39:46.0605 2836  fdPHost - ok
19:39:46.0636 2836  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
19:39:46.0667 2836  FDResPub - ok
19:39:46.0698 2836  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:39:46.0714 2836  FileInfo - ok
19:39:46.0730 2836  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:39:46.0745 2836  Filetrace - ok
19:39:46.0792 2836  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:46.0808 2836  flpydisk - ok
19:39:46.0823 2836  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:39:46.0839 2836  FltMgr - ok
19:39:46.0870 2836  [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache      C:\Windows\system32\FntCache.dll
19:39:46.0932 2836  FontCache - ok
19:39:46.0964 2836  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:46.0964 2836  FontCache3.0.0.0 - ok
19:39:47.0010 2836  [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe
19:39:47.0042 2836  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
19:39:47.0042 2836  ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
19:39:47.0073 2836  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:39:47.0088 2836  Fs_Rec - ok
19:39:47.0104 2836  [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:39:47.0120 2836  gagp30kx - ok
19:39:47.0135 2836  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
19:39:47.0182 2836  gpsvc - ok
19:39:47.0213 2836  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:39:47.0260 2836  HdAudAddService - ok
19:39:47.0291 2836  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:39:47.0338 2836  HDAudBus - ok
19:39:47.0338 2836  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:39:47.0385 2836  HidBth - ok
19:39:47.0400 2836  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
19:39:47.0432 2836  HidIr - ok
19:39:47.0447 2836  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
19:39:47.0463 2836  hidserv - ok
19:39:47.0478 2836  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:39:47.0494 2836  HidUsb - ok
19:39:47.0525 2836  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:39:47.0541 2836  hkmsvc - ok
19:39:47.0556 2836  [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
19:39:47.0572 2836  HpCISSs - ok
19:39:47.0603 2836  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:39:47.0634 2836  HTTP - ok
19:39:47.0650 2836  [ F2901763845570ECAC48E6A50EC50812 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
19:39:47.0650 2836  i2omp - ok
19:39:47.0681 2836  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:39:47.0712 2836  i8042prt - ok
19:39:47.0728 2836  [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
19:39:47.0728 2836  iaStorV - ok
19:39:47.0759 2836  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:47.0790 2836  idsvc - ok
19:39:47.0837 2836  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
19:39:47.0837 2836  iirsp - ok
19:39:47.0868 2836  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
19:39:47.0915 2836  IKEEXT - ok
19:39:47.0993 2836  [ FFC65872F4B0A1075B2AB16C676A4AEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:39:48.0024 2836  IntcAzAudAddService - ok
19:39:48.0056 2836  [ 36A266C673812878996F72B200203FBB ] intelide        C:\Windows\system32\drivers\intelide.sys
19:39:48.0071 2836  intelide - ok
19:39:48.0071 2836  [ CD802075728E514548841DCC3F8B0220 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:39:48.0118 2836  intelppm - ok
19:39:48.0149 2836  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:39:48.0165 2836  IPBusEnum - ok
19:39:48.0180 2836  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:48.0196 2836  IpFilterDriver - ok
19:39:48.0212 2836  IpInIp - ok
19:39:48.0212 2836  [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
19:39:48.0258 2836  IPMIDRV - ok
19:39:48.0274 2836  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
19:39:48.0305 2836  IPNAT - ok
19:39:48.0305 2836  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:39:48.0336 2836  IRENUM - ok
19:39:48.0336 2836  [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:39:48.0352 2836  isapnp - ok
19:39:48.0368 2836  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:39:48.0383 2836  iScsiPrt - ok
19:39:48.0399 2836  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:39:48.0399 2836  iteatapi - ok
19:39:48.0414 2836  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
19:39:48.0414 2836  iteraid - ok
19:39:48.0430 2836  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:48.0446 2836  kbdclass - ok
19:39:48.0446 2836  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:48.0477 2836  kbdhid - ok
19:39:48.0492 2836  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
19:39:48.0508 2836  KeyIso - ok
19:39:48.0539 2836  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:39:48.0555 2836  KSecDD - ok
19:39:48.0602 2836  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:39:48.0633 2836  ksthunk - ok
19:39:48.0648 2836  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:39:48.0695 2836  KtmRm - ok
19:39:48.0711 2836  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:39:48.0726 2836  LanmanServer - ok
19:39:48.0742 2836  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:39:48.0758 2836  LanmanWorkstation - ok
19:39:48.0773 2836  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:39:48.0804 2836  lltdio - ok
19:39:48.0836 2836  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:39:48.0867 2836  lltdsvc - ok
19:39:48.0882 2836  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:39:48.0898 2836  lmhosts - ok
19:39:48.0929 2836  [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:39:48.0929 2836  LSI_FC - ok
19:39:48.0945 2836  [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
19:39:48.0945 2836  LSI_SAS - ok
19:39:48.0960 2836  [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:39:48.0960 2836  LSI_SCSI - ok
19:39:48.0976 2836  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:39:49.0023 2836  luafv - ok
19:39:49.0054 2836  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
19:39:49.0070 2836  MBAMProtector - ok
19:39:49.0101 2836  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:39:49.0116 2836  MBAMService - ok
19:39:49.0163 2836  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
19:39:49.0179 2836  McComponentHostService - ok
19:39:49.0194 2836  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:39:49.0210 2836  Mcx2Svc - ok
19:39:49.0226 2836  [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas        C:\Windows\system32\drivers\megasas.sys
19:39:49.0226 2836  megasas - ok
19:39:49.0257 2836  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
19:39:49.0288 2836  MMCSS - ok
19:39:49.0304 2836  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
19:39:49.0335 2836  Modem - ok
19:39:49.0366 2836  [ 505BDF0B6529338189D6FD3959EE3A89 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:39:49.0413 2836  monitor - ok
19:39:49.0428 2836  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:39:49.0444 2836  mouclass - ok
19:39:49.0444 2836  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:39:49.0491 2836  mouhid - ok
19:39:49.0506 2836  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:39:49.0522 2836  MountMgr - ok
19:39:49.0538 2836  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:39:49.0553 2836  MozillaMaintenance - ok
19:39:49.0569 2836  [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:39:49.0569 2836  mpio - ok
19:39:49.0600 2836  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:39:49.0616 2836  mpsdrv - ok
19:39:49.0631 2836  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:39:49.0631 2836  Mraid35x - ok
19:39:49.0647 2836  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:39:49.0662 2836  MRxDAV - ok
19:39:49.0678 2836  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:49.0694 2836  mrxsmb - ok
19:39:49.0725 2836  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:49.0725 2836  mrxsmb10 - ok
19:39:49.0740 2836  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:49.0756 2836  mrxsmb20 - ok
19:39:49.0772 2836  [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci          C:\Windows\system32\drivers\msahci.sys
19:39:49.0772 2836  msahci - ok
19:39:49.0787 2836  [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:39:49.0787 2836  msdsm - ok
19:39:49.0803 2836  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
19:39:49.0834 2836  MSDTC - ok
19:39:49.0850 2836  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:39:49.0881 2836  Msfs - ok
19:39:49.0896 2836  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:39:49.0912 2836  msisadrv - ok
19:39:49.0928 2836  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:39:49.0959 2836  MSiSCSI - ok
19:39:49.0959 2836  msiserver - ok
19:39:49.0974 2836  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:39:49.0990 2836  MSKSSRV - ok
19:39:50.0006 2836  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:50.0037 2836  MSPCLOCK - ok
19:39:50.0052 2836  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:39:50.0084 2836  MSPQM - ok
19:39:50.0099 2836  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:39:50.0115 2836  MsRPC - ok
19:39:50.0130 2836  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:39:50.0130 2836  mssmbios - ok
19:39:50.0162 2836  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:39:50.0177 2836  MSTEE - ok
19:39:50.0208 2836  [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:39:50.0224 2836  MTsensor - ok
19:39:50.0224 2836  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:39:50.0240 2836  Mup - ok
19:39:50.0255 2836  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
19:39:50.0302 2836  napagent - ok
19:39:50.0318 2836  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:39:50.0333 2836  NativeWifiP - ok
19:39:50.0349 2836  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:39:50.0380 2836  NDIS - ok
19:39:50.0411 2836  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:50.0442 2836  NdisTapi - ok
19:39:50.0458 2836  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:50.0489 2836  Ndisuio - ok
19:39:50.0489 2836  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:50.0520 2836  NdisWan - ok
19:39:50.0552 2836  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:39:50.0583 2836  NDProxy - ok
19:39:50.0598 2836  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:39:50.0614 2836  NetBIOS - ok
19:39:50.0630 2836  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
19:39:50.0645 2836  netbt - ok
19:39:50.0661 2836  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
19:39:50.0676 2836  Netlogon - ok
19:39:50.0692 2836  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
19:39:50.0739 2836  Netman - ok
19:39:50.0770 2836  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
19:39:50.0801 2836  netprofm - ok
19:39:50.0832 2836  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:39:50.0848 2836  NetTcpPortSharing - ok
19:39:50.0864 2836  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
19:39:50.0879 2836  nfrd960 - ok
19:39:50.0895 2836  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:39:50.0926 2836  NlaSvc - ok
19:39:50.0973 2836  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess      I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
19:39:50.0988 2836  NMSAccess - ok
19:39:51.0004 2836  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:39:51.0035 2836  Npfs - ok
19:39:51.0051 2836  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
19:39:51.0082 2836  nsi - ok
19:39:51.0098 2836  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:39:51.0129 2836  nsiproxy - ok
19:39:51.0160 2836  [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp          C:\Program Files\bin32\nSvcIp.exe
19:39:51.0160 2836  nSvcIp ( UnsignedFile.Multi.Generic ) - warning
19:39:51.0160 2836  nSvcIp - detected UnsignedFile.Multi.Generic (1)
19:39:51.0191 2836  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:39:51.0254 2836  Ntfs - ok
19:39:51.0269 2836  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
19:39:51.0300 2836  Null - ok
19:39:51.0316 2836  [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:39:51.0332 2836  nusb3hub - ok
19:39:51.0363 2836  [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:39:51.0394 2836  nusb3xhc - ok
19:39:51.0425 2836  [ CF2A023F422CE6E43302B139E4B87B05 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:39:51.0425 2836  NVENETFD - ok
19:39:51.0441 2836  [ 87A7E98A682B0B20820BE781C7758B94 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
19:39:51.0456 2836  NVHDA - ok
19:39:51.0472 2836  [ CF2A023F422CE6E43302B139E4B87B05 ] NVNET          C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:39:51.0503 2836  NVNET - ok
19:39:51.0534 2836  [ 840EEB44DC49317A6161961F7682CD99 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:39:51.0550 2836  nvraid - ok
19:39:51.0566 2836  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
19:39:51.0566 2836  nvsmu - ok
19:39:51.0581 2836  [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:39:51.0581 2836  nvstor - ok
19:39:51.0597 2836  [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:39:51.0597 2836  nv_agp - ok
19:39:51.0597 2836  NwlnkFlt - ok
19:39:51.0612 2836  NwlnkFwd - ok
19:39:51.0628 2836  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:39:51.0659 2836  ohci1394 - ok
19:39:51.0690 2836  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:39:51.0753 2836  p2pimsvc - ok
19:39:51.0768 2836  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
19:39:51.0784 2836  p2psvc - ok
19:39:51.0800 2836  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
19:39:51.0846 2836  Parport - ok
19:39:51.0878 2836  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:39:51.0878 2836  partmgr - ok
19:39:51.0893 2836  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:39:51.0924 2836  PcaSvc - ok
19:39:51.0940 2836  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
19:39:51.0956 2836  pci - ok
19:39:51.0956 2836  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:39:51.0971 2836  pciide - ok
19:39:51.0987 2836  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:39:51.0987 2836  pcmcia - ok
19:39:52.0002 2836  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:39:52.0065 2836  PEAUTH - ok
19:39:52.0127 2836  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:39:52.0158 2836  PerfHost - ok
19:39:52.0205 2836  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
19:39:52.0268 2836  pla - ok
19:39:52.0299 2836  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:39:52.0314 2836  PlugPlay - ok
19:39:52.0346 2836  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
19:39:52.0377 2836  PNRPAutoReg - ok
19:39:52.0377 2836  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
19:39:52.0392 2836  PNRPsvc - ok
19:39:52.0424 2836  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:39:52.0470 2836  PolicyAgent - ok
19:39:52.0502 2836  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:39:52.0533 2836  PptpMiniport - ok
19:39:52.0548 2836  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:39:52.0564 2836  Processor - ok
19:39:52.0595 2836  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
19:39:52.0611 2836  ProfSvc - ok
19:39:52.0626 2836  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:39:52.0642 2836  ProtectedStorage - ok
19:39:52.0658 2836  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:39:52.0673 2836  PSched - ok
19:39:52.0704 2836  [ 4A29D25704917161BAD9B4659A248DFD ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:39:52.0736 2836  ql2300 - ok
19:39:52.0767 2836  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:39:52.0767 2836  ql40xx - ok
19:39:52.0798 2836  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
19:39:52.0814 2836  QWAVE - ok
19:39:52.0829 2836  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:39:52.0845 2836  QWAVEdrv - ok
19:39:52.0860 2836  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:39:52.0892 2836  RasAcd - ok
19:39:52.0923 2836  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
19:39:52.0954 2836  RasAuto - ok
19:39:52.0970 2836  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:53.0001 2836  Rasl2tp - ok
19:39:53.0016 2836  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
19:39:53.0032 2836  RasMan - ok
19:39:53.0032 2836  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:53.0063 2836  RasPppoe - ok
19:39:53.0063 2836  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:39:53.0079 2836  RasSstp - ok
19:39:53.0094 2836  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:39:53.0110 2836  rdbss - ok
19:39:53.0126 2836  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:53.0157 2836  RDPCDD - ok
19:39:53.0172 2836  [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
19:39:53.0235 2836  rdpdr - ok
19:39:53.0235 2836  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:39:53.0266 2836  RDPENCDD - ok
19:39:53.0282 2836  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:39:53.0313 2836  RDPWD - ok
19:39:53.0328 2836  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:39:53.0360 2836  RemoteAccess - ok
19:39:53.0375 2836  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:39:53.0391 2836  RemoteRegistry - ok
19:39:53.0406 2836  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
19:39:53.0438 2836  RpcLocator - ok
19:39:53.0453 2836  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
19:39:53.0484 2836  RpcSs - ok
19:39:53.0516 2836  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:39:53.0531 2836  rspndr - ok
19:39:53.0547 2836  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
19:39:53.0562 2836  SamSs - ok
19:39:53.0562 2836  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:39:53.0578 2836  sbp2port - ok
19:39:53.0594 2836  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:39:53.0625 2836  SCardSvr - ok
19:39:53.0640 2836  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
19:39:53.0703 2836  Schedule - ok
19:39:53.0718 2836  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:39:53.0750 2836  SCPolicySvc - ok
19:39:53.0765 2836  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:39:53.0796 2836  SDRSVC - ok
19:39:53.0796 2836  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:39:53.0843 2836  secdrv - ok
19:39:53.0874 2836  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
19:39:53.0906 2836  seclogon - ok
19:39:53.0921 2836  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
19:39:53.0952 2836  SENS - ok
19:39:53.0968 2836  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:39:53.0999 2836  Serenum - ok
19:39:54.0030 2836  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:39:54.0062 2836  Serial - ok
19:39:54.0062 2836  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:39:54.0093 2836  sermouse - ok
19:39:54.0108 2836  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:39:54.0140 2836  SessionEnv - ok
19:39:54.0155 2836  [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:39:54.0202 2836  sffdisk - ok
19:39:54.0202 2836  [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:39:54.0233 2836  sffp_mmc - ok
19:39:54.0249 2836  [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:39:54.0280 2836  sffp_sd - ok
19:39:54.0296 2836  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
19:39:54.0327 2836  sfloppy - ok
19:39:54.0358 2836  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:39:54.0374 2836  ShellHWDetection - ok
19:39:54.0374 2836  [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:39:54.0389 2836  SiSRaid2 - ok
19:39:54.0389 2836  [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:39:54.0405 2836  SiSRaid4 - ok
19:39:54.0452 2836  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
19:39:54.0530 2836  slsvc - ok
19:39:54.0545 2836  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:39:54.0561 2836  SLUINotify - ok
19:39:54.0576 2836  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:39:54.0592 2836  Smb - ok
19:39:54.0623 2836  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:39:54.0639 2836  SNMPTRAP - ok
19:39:54.0654 2836  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
19:39:54.0654 2836  spldr - ok
19:39:54.0686 2836  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
19:39:54.0701 2836  Spooler - ok
19:39:54.0732 2836  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:39:54.0764 2836  srv - ok
19:39:54.0779 2836  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:39:54.0810 2836  srv2 - ok
19:39:54.0826 2836  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:39:54.0842 2836  srvnet - ok
19:39:54.0873 2836  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:39:54.0920 2836  SSDPSRV - ok
19:39:54.0935 2836  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:39:54.0951 2836  SstpSvc - ok
19:39:54.0998 2836  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
19:39:54.0998 2836  StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:39:54.0998 2836  StarOpen - detected UnsignedFile.Multi.Generic (1)
19:39:55.0013 2836  Steam Client Service - ok
19:39:55.0029 2836  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
19:39:55.0060 2836  stisvc - ok
19:39:55.0076 2836  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:39:55.0076 2836  swenum - ok
19:39:55.0091 2836  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
19:39:55.0138 2836  swprv - ok
19:39:55.0154 2836  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
19:39:55.0154 2836  Symc8xx - ok
19:39:55.0154 2836  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:39:55.0169 2836  Sym_hi - ok
19:39:55.0169 2836  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:39:55.0185 2836  Sym_u3 - ok
19:39:55.0200 2836  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
19:39:55.0247 2836  SysMain - ok
19:39:55.0263 2836  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:39:55.0278 2836  TabletInputService - ok
19:39:55.0294 2836  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:39:55.0325 2836  TapiSrv - ok
19:39:55.0341 2836  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
19:39:55.0372 2836  TBS - ok
19:39:55.0434 2836  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:39:55.0466 2836  Tcpip - ok
19:39:55.0528 2836  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:39:55.0575 2836  Tcpip6 - ok
19:39:55.0606 2836  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:39:55.0622 2836  tcpipreg - ok
19:39:55.0653 2836  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:39:55.0684 2836  TDPIPE - ok
19:39:55.0731 2836  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:39:55.0762 2836  TDTCP - ok
19:39:55.0778 2836  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:39:55.0793 2836  tdx - ok
19:39:55.0809 2836  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:39:55.0824 2836  TermDD - ok
19:39:55.0840 2836  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
19:39:55.0871 2836  TermService - ok
19:39:55.0887 2836  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
19:39:55.0902 2836  Themes - ok
19:39:55.0918 2836  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
19:39:55.0934 2836  THREADORDER - ok
19:39:55.0965 2836  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
19:39:55.0996 2836  TrkWks - ok
19:39:56.0027 2836  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:39:56.0043 2836  TrustedInstaller - ok
19:39:56.0043 2836  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:56.0074 2836  tssecsrv - ok
19:39:56.0090 2836  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
19:39:56.0105 2836  tunmp - ok
19:39:56.0121 2836  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:39:56.0136 2836  tunnel - ok
19:39:56.0152 2836  [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:39:56.0152 2836  uagp35 - ok
19:39:56.0168 2836  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:39:56.0199 2836  udfs - ok
19:39:56.0214 2836  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:39:56.0246 2836  UI0Detect - ok
19:39:56.0246 2836  [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:39:56.0261 2836  uliagpkx - ok
19:39:56.0277 2836  [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
19:39:56.0292 2836  uliahci - ok
19:39:56.0292 2836  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:39:56.0308 2836  UlSata - ok
19:39:56.0324 2836  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
19:39:56.0324 2836  ulsata2 - ok
19:39:56.0355 2836  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:39:56.0386 2836  umbus - ok
19:39:56.0386 2836  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
19:39:56.0433 2836  upnphost - ok
19:39:56.0480 2836  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:56.0511 2836  usbccgp - ok
19:39:56.0526 2836  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:39:56.0573 2836  usbcir - ok
19:39:56.0589 2836  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:39:56.0604 2836  usbehci - ok
19:39:56.0620 2836  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:39:56.0636 2836  usbhub - ok
19:39:56.0651 2836  [ E406B003A354776D317762694956B0FC ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
19:39:56.0667 2836  usbohci - ok
19:39:56.0682 2836  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:39:56.0714 2836  usbprint - ok
19:39:56.0714 2836  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:56.0745 2836  USBSTOR - ok
19:39:56.0745 2836  [ 7BF55D2538740B25936E93553E5D190D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:56.0792 2836  usbuhci - ok
19:39:56.0823 2836  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
19:39:56.0854 2836  UxSms - ok
19:39:56.0885 2836  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
19:39:56.0901 2836  vds - ok
19:39:56.0916 2836  [ 2998DC48905E9B4821AD8FD75B3E070C ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:56.0963 2836  vga - ok
19:39:56.0994 2836  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:39:57.0026 2836  VgaSave - ok
19:39:57.0041 2836  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
19:39:57.0041 2836  viaide - ok
19:39:57.0057 2836  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:39:57.0072 2836  volmgr - ok
19:39:57.0088 2836  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:39:57.0119 2836  volmgrx - ok
19:39:57.0150 2836  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:39:57.0166 2836  volsnap - ok
19:39:57.0166 2836  [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
19:39:57.0182 2836  vsmraid - ok
19:39:57.0197 2836  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
19:39:57.0260 2836  VSS - ok
19:39:57.0306 2836  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
19:39:57.0353 2836  W32Time - ok
19:39:57.0353 2836  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:39:57.0400 2836  WacomPen - ok
19:39:57.0431 2836  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:39:57.0447 2836  Wanarp - ok
19:39:57.0447 2836  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:39:57.0462 2836  Wanarpv6 - ok
19:39:57.0478 2836  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:39:57.0509 2836  wcncsvc - ok
19:39:57.0540 2836  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:39:57.0556 2836  WcsPlugInService - ok
19:39:57.0572 2836  [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd              C:\Windows\system32\drivers\wd.sys
19:39:57.0587 2836  Wd - ok
19:39:57.0603 2836  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:39:57.0618 2836  Wdf01000 - ok
19:39:57.0650 2836  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:39:57.0681 2836  WdiServiceHost - ok
19:39:57.0681 2836  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:39:57.0712 2836  WdiSystemHost - ok
19:39:57.0728 2836  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
19:39:57.0743 2836  WebClient - ok
19:39:57.0743 2836  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:39:57.0774 2836  Wecsvc - ok
19:39:57.0774 2836  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:39:57.0806 2836  wercplsupport - ok
19:39:57.0821 2836  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
19:39:57.0837 2836  WerSvc - ok
19:39:57.0852 2836  WinHttpAutoProxySvc - ok
19:39:57.0868 2836  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:39:57.0899 2836  Winmgmt - ok
19:39:57.0915 2836  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM          C:\Windows\system32\WsmSvc.dll
19:39:57.0977 2836  WinRM - ok
19:39:58.0008 2836  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:39:58.0040 2836  Wlansvc - ok
19:39:58.0055 2836  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
19:39:58.0071 2836  WmiAcpi - ok
19:39:58.0086 2836  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:39:58.0118 2836  wmiApSrv - ok
19:39:58.0133 2836  WMPNetworkSvc - ok
19:39:58.0149 2836  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:39:58.0180 2836  WPCSvc - ok
19:39:58.0196 2836  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:39:58.0227 2836  WPDBusEnum - ok
19:39:58.0242 2836  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:39:58.0274 2836  ws2ifsl - ok
19:39:58.0274 2836  WSearch - ok
19:39:58.0320 2836  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:58.0352 2836  WUDFRd - ok
19:39:58.0367 2836  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:39:58.0398 2836  wudfsvc - ok
19:39:58.0398 2836  ================ Scan global ===============================
19:39:58.0430 2836  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:39:58.0445 2836  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:39:58.0461 2836  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:39:58.0476 2836  [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
19:39:58.0492 2836  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:39:58.0492 2836  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:39:58.0492 2836  ================ Scan MBR ==================================
19:39:58.0492 2836  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:39:58.0757 2836  \Device\Harddisk0\DR0 - ok
19:39:58.0757 2836  ================ Scan VBR ==================================
19:39:58.0757 2836  [ AF6E1B78A52D7BA39B03D6839392A6AC ] \Device\Harddisk0\DR0\Partition1
19:39:58.0757 2836  \Device\Harddisk0\DR0\Partition1 - ok
19:39:58.0757 2836  [ 9192F4C5E5167E0E4F5D58027EEF9CC6 ] \Device\Harddisk0\DR0\Partition2
19:39:58.0757 2836  \Device\Harddisk0\DR0\Partition2 - ok
19:39:58.0773 2836  [ 51C6248CC81C7F876BAADB6A7D60D8E2 ] \Device\Harddisk0\DR0\Partition3
19:39:58.0773 2836  \Device\Harddisk0\DR0\Partition3 - ok
19:39:58.0788 2836  [ 498AA62793B74B1F1A17E47DCF0E559C ] \Device\Harddisk0\DR0\Partition4
19:39:58.0788 2836  \Device\Harddisk0\DR0\Partition4 - ok
19:39:58.0804 2836  [ E11473E0B50B173780451F496E581DD6 ] \Device\Harddisk0\DR0\Partition5
19:39:58.0804 2836  \Device\Harddisk0\DR0\Partition5 - ok
19:39:58.0820 2836  [ FA17E132BE096306B4A5C1A3189FEAD7 ] \Device\Harddisk0\DR0\Partition6
19:39:58.0820 2836  \Device\Harddisk0\DR0\Partition6 - ok
19:39:58.0835 2836  [ 4127A635E2FC156B1977278DBA3F0E05 ] \Device\Harddisk0\DR0\Partition7
19:39:58.0835 2836  \Device\Harddisk0\DR0\Partition7 - ok
19:39:58.0851 2836  [ 786605C9B7834E6863169016846DAD5F ] \Device\Harddisk0\DR0\Partition8
19:39:58.0851 2836  \Device\Harddisk0\DR0\Partition8 - ok
19:39:58.0866 2836  [ 68C1B7EECECD056403307EF614CAF735 ] \Device\Harddisk0\DR0\Partition9
19:39:58.0866 2836  \Device\Harddisk0\DR0\Partition9 - ok
19:39:58.0866 2836  [ 60A105906FC38A9CDD8E99388A79BF70 ] \Device\Harddisk0\DR0\Partition10
19:39:58.0882 2836  \Device\Harddisk0\DR0\Partition10 - ok
19:39:58.0882 2836  [ 0318AA29F92E3374646BBEE7D566DA44 ] \Device\Harddisk0\DR0\Partition11
19:39:58.0882 2836  \Device\Harddisk0\DR0\Partition11 - ok
19:39:58.0882 2836  ============================================================
19:39:58.0882 2836  Scan finished
19:39:58.0882 2836  ============================================================
19:39:58.0898 2568  Detected object count: 4
19:39:58.0898 2568  Actual detected object count: 4
19:40:23.0452 2568  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:23.0452 2568  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:23.0452 2568  nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:23.0452 2568  nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:23.0452 2568  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:23.0452 2568  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:23.0452 2568  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
19:40:23.0452 2568  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
19:40:34.0778 1448  ============================================================
19:40:34.0778 1448  Scan started
19:40:34.0778 1448  Mode: Manual; SigCheck; TDLFS;
19:40:34.0778 1448  ============================================================
19:40:35.0277 1448  ================ Scan system memory ========================
19:40:35.0277 1448  System memory - ok
19:40:35.0277 1448  ================ Scan services =============================
19:40:35.0370 1448  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:40:35.0386 1448  ACPI - ok
19:40:35.0448 1448  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:40:35.0448 1448  AdobeARMservice - ok
19:40:35.0480 1448  [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
19:40:35.0495 1448  adp94xx - ok
19:40:35.0511 1448  [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
19:40:35.0526 1448  adpahci - ok
19:40:35.0542 1448  [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:40:35.0542 1448  adpu160m - ok
19:40:35.0558 1448  [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
19:40:35.0558 1448  adpu320 - ok
19:40:35.0589 1448  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:40:35.0604 1448  AeLookupSvc - ok
19:40:35.0620 1448  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
19:40:35.0636 1448  AFD - ok
19:40:35.0667 1448  [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:40:35.0682 1448  agp440 - ok
19:40:35.0698 1448  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
19:40:35.0698 1448  aic78xx - ok
19:40:35.0714 1448  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
19:40:35.0745 1448  ALG - ok
19:40:35.0776 1448  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:40:35.0776 1448  aliide - ok
19:40:35.0792 1448  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:40:35.0807 1448  AMD External Events Utility - ok
19:40:35.0854 1448  AMD FUEL Service - ok
19:40:35.0854 1448  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
19:40:35.0870 1448  amdide - ok
19:40:35.0870 1448  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
19:40:35.0885 1448  amdiox64 - ok
19:40:35.0885 1448  [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
19:40:35.0932 1448  AmdK8 - ok
19:40:36.0088 1448  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:40:36.0322 1448  amdkmdag - ok
19:40:36.0338 1448  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:40:36.0353 1448  amdkmdap - ok
19:40:36.0384 1448  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:40:36.0384 1448  AntiVirSchedulerService - ok
19:40:36.0400 1448  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:40:36.0400 1448  AntiVirService - ok
19:40:36.0416 1448  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:40:36.0431 1448  AntiVirWebService - ok
19:40:36.0447 1448  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:40:36.0447 1448  AODDriver4.1 - ok
19:40:36.0462 1448  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
19:40:36.0478 1448  Appinfo - ok
19:40:36.0478 1448  [ 2E8623F2FED998A97129A3DB919551C8 ] arc            C:\Windows\system32\drivers\arc.sys
19:40:36.0494 1448  arc - ok
19:40:36.0509 1448  [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:40:36.0509 1448  arcsas - ok
19:40:36.0525 1448  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:36.0556 1448  AsyncMac - ok
19:40:36.0587 1448  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
19:40:36.0603 1448  atapi - ok
19:40:36.0618 1448  [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
19:40:36.0618 1448  AtiHDAudioService - ok
19:40:36.0650 1448  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:40:36.0665 1448  AudioEndpointBuilder - ok
19:40:36.0696 1448  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:40:36.0728 1448  AudioSrv - ok
19:40:36.0728 1448  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:40:36.0728 1448  avgntflt - ok
19:40:36.0759 1448  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:40:36.0759 1448  avipbb - ok
19:40:36.0774 1448  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:40:36.0774 1448  avkmgr - ok
19:40:36.0774 1448  blbdrive - ok
19:40:36.0790 1448  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:40:36.0806 1448  bowser - ok
19:40:36.0806 1448  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:40:36.0837 1448  BrFiltLo - ok
19:40:36.0837 1448  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:40:36.0852 1448  BrFiltUp - ok
19:40:36.0868 1448  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
19:40:36.0884 1448  Browser - ok
19:40:36.0915 1448  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
19:40:36.0946 1448  Brserid - ok
19:40:36.0962 1448  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:40:37.0008 1448  BrSerWdm - ok
19:40:37.0008 1448  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:40:37.0055 1448  BrUsbMdm - ok
19:40:37.0055 1448  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:40:37.0086 1448  BrUsbSer - ok
19:40:37.0102 1448  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:40:37.0133 1448  BTHMODEM - ok
19:40:37.0149 1448  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:40:37.0180 1448  cdfs - ok
19:40:37.0196 1448  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:40:37.0211 1448  cdrom - ok
19:40:37.0227 1448  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
19:40:37.0242 1448  CertPropSvc - ok
19:40:37.0242 1448  [ F28F00596824058BC61D5EDF434C9B82 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:40:37.0289 1448  circlass - ok
19:40:37.0305 1448  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
19:40:37.0320 1448  CLFS - ok
19:40:37.0367 1448  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:37.0383 1448  clr_optimization_v2.0.50727_32 - ok
19:40:37.0398 1448  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:40:37.0414 1448  clr_optimization_v2.0.50727_64 - ok
19:40:37.0414 1448  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:40:37.0414 1448  cmdide - ok
19:40:37.0430 1448  [ 0E77A445640BF310817F60941C50560C ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:40:37.0445 1448  Compbatt - ok
19:40:37.0445 1448  COMSysApp - ok
19:40:37.0445 1448  [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
19:40:37.0445 1448  crcdisk - ok
19:40:37.0461 1448  [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:40:37.0476 1448  CryptSvc - ok
19:40:37.0508 1448  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:40:37.0523 1448  DcomLaunch - ok
19:40:37.0554 1448  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:40:37.0554 1448  DfsC - ok
19:40:37.0617 1448  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
19:40:37.0679 1448  DFSR - ok
19:40:37.0695 1448  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:40:37.0710 1448  Dhcp - ok
19:40:37.0726 1448  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
19:40:37.0742 1448  disk - ok
19:40:37.0757 1448  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:40:37.0773 1448  Dnscache - ok
19:40:37.0773 1448  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:40:37.0804 1448  dot3svc - ok
19:40:37.0820 1448  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
19:40:37.0835 1448  DPS - ok
19:40:37.0851 1448  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:40:37.0866 1448  drmkaud - ok
19:40:37.0898 1448  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:40:37.0913 1448  DXGKrnl - ok
19:40:37.0944 1448  [ D57FE09B575545738A73A0C193D0616A ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
19:40:37.0976 1448  E1G60 - ok
19:40:37.0991 1448  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
19:40:38.0022 1448  EapHost - ok
19:40:38.0022 1448  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:40:38.0038 1448  Ecache - ok
19:40:38.0069 1448  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:40:38.0085 1448  ehRecvr - ok
19:40:38.0116 1448  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
19:40:38.0116 1448  ehSched - ok
19:40:38.0132 1448  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
19:40:38.0132 1448  ehstart - ok
19:40:38.0163 1448  [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor        C:\Windows\system32\drivers\elxstor.sys
19:40:38.0163 1448  elxstor - ok
19:40:38.0194 1448  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
19:40:38.0210 1448  EMDMgmt - ok
19:40:38.0225 1448  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
19:40:38.0256 1448  EventSystem - ok
19:40:38.0288 1448  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
19:40:38.0288 1448  exfat - ok
19:40:38.0303 1448  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:40:38.0319 1448  fastfat - ok
19:40:38.0334 1448  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:40:38.0366 1448  fdc - ok
19:40:38.0397 1448  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
19:40:38.0428 1448  fdPHost - ok
19:40:38.0444 1448  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
19:40:38.0475 1448  FDResPub - ok
19:40:38.0490 1448  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:40:38.0490 1448  FileInfo - ok
19:40:38.0506 1448  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:40:38.0537 1448  Filetrace - ok
19:40:38.0537 1448  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:40:38.0568 1448  flpydisk - ok
19:40:38.0584 1448  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:40:38.0600 1448  FltMgr - ok
19:40:38.0631 1448  [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache      C:\Windows\system32\FntCache.dll
19:40:38.0646 1448  FontCache - ok
19:40:38.0678 1448  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:40:38.0693 1448  FontCache3.0.0.0 - ok
19:40:38.0709 1448  [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe
19:40:38.0724 1448  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
19:40:38.0724 1448  ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
19:40:38.0740 1448  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:40:38.0756 1448  Fs_Rec - ok
19:40:38.0787 1448  [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:40:38.0802 1448  gagp30kx - ok
19:40:38.0834 1448  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
19:40:38.0865 1448  gpsvc - ok
19:40:38.0896 1448  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:40:38.0927 1448  HdAudAddService - ok
19:40:38.0958 1448  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:40:38.0990 1448  HDAudBus - ok
19:40:39.0005 1448  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:40:39.0036 1448  HidBth - ok
19:40:39.0052 1448  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
19:40:39.0083 1448  HidIr - ok
19:40:39.0099 1448  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
19:40:39.0114 1448  hidserv - ok
19:40:39.0114 1448  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:40:39.0146 1448  HidUsb - ok
19:40:39.0146 1448  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:40:39.0177 1448  hkmsvc - ok
19:40:39.0192 1448  [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
19:40:39.0192 1448  HpCISSs - ok
19:40:39.0224 1448  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:40:39.0239 1448  HTTP - ok
19:40:39.0239 1448  [ F2901763845570ECAC48E6A50EC50812 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
19:40:39.0255 1448  i2omp - ok
19:40:39.0270 1448  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:40:39.0286 1448  i8042prt - ok
19:40:39.0302 1448  [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
19:40:39.0302 1448  iaStorV - ok
19:40:39.0333 1448  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:40:39.0364 1448  idsvc - ok
19:40:39.0411 1448  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
19:40:39.0411 1448  iirsp - ok
19:40:39.0442 1448  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
19:40:39.0458 1448  IKEEXT - ok
19:40:39.0520 1448  [ FFC65872F4B0A1075B2AB16C676A4AEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:40:39.0551 1448  IntcAzAudAddService - ok
19:40:39.0567 1448  [ 36A266C673812878996F72B200203FBB ] intelide        C:\Windows\system32\drivers\intelide.sys
19:40:39.0582 1448  intelide - ok
19:40:39.0598 1448  [ CD802075728E514548841DCC3F8B0220 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:40:39.0629 1448  intelppm - ok
19:40:39.0660 1448  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:40:39.0676 1448  IPBusEnum - ok
19:40:39.0692 1448  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:40:39.0707 1448  IpFilterDriver - ok
19:40:39.0707 1448  IpInIp - ok
19:40:39.0707 1448  [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
19:40:39.0754 1448  IPMIDRV - ok
19:40:39.0770 1448  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
19:40:39.0801 1448  IPNAT - ok
19:40:39.0801 1448  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:40:39.0832 1448  IRENUM - ok
19:40:39.0832 1448  [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:40:39.0848 1448  isapnp - ok
19:40:39.0848 1448  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:40:39.0863 1448  iScsiPrt - ok
19:40:39.0879 1448  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:40:39.0879 1448  iteatapi - ok
19:40:39.0894 1448  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
19:40:39.0894 1448  iteraid - ok
19:40:39.0910 1448  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:40:39.0926 1448  kbdclass - ok
19:40:39.0941 1448  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:40:39.0957 1448  kbdhid - ok
19:40:39.0957 1448  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
19:40:39.0972 1448  KeyIso - ok
19:40:39.0988 1448  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:40:40.0019 1448  KSecDD - ok
19:40:40.0050 1448  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:40:40.0082 1448  ksthunk - ok
19:40:40.0097 1448  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:40:40.0113 1448  KtmRm - ok
19:40:40.0144 1448  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:40:40.0144 1448  LanmanServer - ok
19:40:40.0160 1448  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:40:40.0175 1448  LanmanWorkstation - ok
19:40:40.0191 1448  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:40:40.0222 1448  lltdio - ok
19:40:40.0238 1448  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:40:40.0269 1448  lltdsvc - ok
19:40:40.0269 1448  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:40:40.0300 1448  lmhosts - ok
19:40:40.0316 1448  [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:40:40.0331 1448  LSI_FC - ok
19:40:40.0331 1448  [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
19:40:40.0347 1448  LSI_SAS - ok
19:40:40.0347 1448  [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:40:40.0362 1448  LSI_SCSI - ok
19:40:40.0378 1448  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:40:40.0394 1448  luafv - ok
19:40:40.0409 1448  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
19:40:40.0425 1448  MBAMProtector - ok
19:40:40.0456 1448  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:40:40.0487 1448  MBAMService - ok
19:40:40.0518 1448  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
19:40:40.0534 1448  McComponentHostService - ok
19:40:40.0550 1448  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:40:40.0565 1448  Mcx2Svc - ok
19:40:40.0565 1448  [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas        C:\Windows\system32\drivers\megasas.sys
19:40:40.0581 1448  megasas - ok
19:40:40.0596 1448  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
19:40:40.0628 1448  MMCSS - ok
19:40:40.0628 1448  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
19:40:40.0659 1448  Modem - ok
19:40:40.0674 1448  [ 505BDF0B6529338189D6FD3959EE3A89 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:40:40.0721 1448  monitor - ok
19:40:40.0737 1448  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:40:40.0752 1448  mouclass - ok
19:40:40.0752 1448  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:40:40.0784 1448  mouhid - ok
19:40:40.0784 1448  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:40:40.0799 1448  MountMgr - ok
19:40:40.0815 1448  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:40:40.0815 1448  MozillaMaintenance - ok
19:40:40.0830 1448  [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:40:40.0846 1448  mpio - ok
19:40:40.0862 1448  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:40:40.0877 1448  mpsdrv - ok
19:40:40.0893 1448  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:40:40.0893 1448  Mraid35x - ok
19:40:40.0908 1448  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:40:40.0908 1448  MRxDAV - ok
19:40:40.0924 1448  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:40:40.0940 1448  mrxsmb - ok
19:40:40.0940 1448  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:40:40.0955 1448  mrxsmb10 - ok
19:40:40.0955 1448  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:40:40.0971 1448  mrxsmb20 - ok
19:40:40.0971 1448  [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci          C:\Windows\system32\drivers\msahci.sys
19:40:40.0986 1448  msahci - ok
19:40:40.0986 1448  [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:40:41.0002 1448  msdsm - ok
19:40:41.0002 1448  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
19:40:41.0033 1448  MSDTC - ok
19:40:41.0049 1448  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:40:41.0064 1448  Msfs - ok
19:40:41.0080 1448  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:40:41.0096 1448  msisadrv - ok
19:40:41.0111 1448  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:40:41.0127 1448  MSiSCSI - ok
19:40:41.0127 1448  msiserver - ok
19:40:41.0142 1448  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:40:41.0174 1448  MSKSSRV - ok
19:40:41.0174 1448  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:40:41.0205 1448  MSPCLOCK - ok
19:40:41.0205 1448  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:40:41.0236 1448  MSPQM - ok
19:40:41.0252 1448  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:40:41.0267 1448  MsRPC - ok
19:40:41.0283 1448  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:40:41.0283 1448  mssmbios - ok
19:40:41.0298 1448  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:40:41.0330 1448  MSTEE - ok
19:40:41.0345 1448  [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:40:41.0345 1448  MTsensor - ok
19:40:41.0361 1448  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:40:41.0361 1448  Mup - ok
19:40:41.0392 1448  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
19:40:41.0423 1448  napagent - ok
19:40:41.0439 1448  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:40:41.0454 1448  NativeWifiP - ok
19:40:41.0454 1448  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:40:41.0486 1448  NDIS - ok
19:40:41.0486 1448  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:40:41.0517 1448  NdisTapi - ok
19:40:41.0532 1448  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:40:41.0548 1448  Ndisuio - ok
19:40:41.0564 1448  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:40:41.0579 1448  NdisWan - ok
19:40:41.0595 1448  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:40:41.0610 1448  NDProxy - ok
19:40:41.0610 1448  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:40:41.0642 1448  NetBIOS - ok
19:40:41.0642 1448  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
19:40:41.0673 1448  netbt - ok
19:40:41.0673 1448  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
19:40:41.0673 1448  Netlogon - ok
19:40:41.0704 1448  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
19:40:41.0735 1448  Netman - ok
19:40:41.0751 1448  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
19:40:41.0782 1448  netprofm - ok
19:40:41.0798 1448  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:40:41.0798 1448  NetTcpPortSharing - ok
19:40:41.0829 1448  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
19:40:41.0844 1448  nfrd960 - ok
19:40:41.0860 1448  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:40:41.0891 1448  NlaSvc - ok
19:40:41.0954 1448  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess      I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
19:40:41.0969 1448  NMSAccess - ok
19:40:41.0985 1448  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:40:42.0000 1448  Npfs - ok
19:40:42.0016 1448  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
19:40:42.0047 1448  nsi - ok
19:40:42.0063 1448  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:40:42.0078 1448  nsiproxy - ok
19:40:42.0110 1448  [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp          C:\Program Files\bin32\nSvcIp.exe
19:40:42.0110 1448  nSvcIp ( UnsignedFile.Multi.Generic ) - warning
19:40:42.0110 1448  nSvcIp - detected UnsignedFile.Multi.Generic (1)
19:40:42.0141 1448  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:40:42.0188 1448  Ntfs - ok
19:40:42.0219 1448  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
19:40:42.0234 1448  Null - ok
19:40:42.0250 1448  [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:40:42.0266 1448  nusb3hub - ok
19:40:42.0297 1448  [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:40:42.0297 1448  nusb3xhc - ok
19:40:42.0328 1448  [ CF2A023F422CE6E43302B139E4B87B05 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:40:42.0344 1448  NVENETFD - ok
19:40:42.0344 1448  [ 87A7E98A682B0B20820BE781C7758B94 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
19:40:42.0359 1448  NVHDA - ok
19:40:42.0375 1448  [ CF2A023F422CE6E43302B139E4B87B05 ] NVNET          C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:40:42.0390 1448  NVNET - ok
19:40:42.0422 1448  [ 840EEB44DC49317A6161961F7682CD99 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:40:42.0437 1448  nvraid - ok
19:40:42.0453 1448  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
19:40:42.0453 1448  nvsmu - ok
19:40:42.0468 1448  [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:40:42.0468 1448  nvstor - ok
19:40:42.0484 1448  [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:40:42.0484 1448  nv_agp - ok
19:40:42.0500 1448  NwlnkFlt - ok
19:40:42.0500 1448  NwlnkFwd - ok
19:40:42.0515 1448  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:40:42.0531 1448  ohci1394 - ok
19:40:42.0578 1448  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:40:42.0593 1448  p2pimsvc - ok
19:40:42.0640 1448  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
19:40:42.0656 1448  p2psvc - ok
19:40:42.0671 1448  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
19:40:42.0702 1448  Parport - ok
19:40:42.0718 1448  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:40:42.0734 1448  partmgr - ok
19:40:42.0749 1448  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:40:42.0749 1448  PcaSvc - ok
19:40:42.0765 1448  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
19:40:42.0780 1448  pci - ok
19:40:42.0780 1448  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:40:42.0796 1448  pciide - ok
19:40:42.0812 1448  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:40:42.0812 1448  pcmcia - ok
19:40:42.0827 1448  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:40:42.0874 1448  PEAUTH - ok
19:40:42.0936 1448  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:40:42.0968 1448  PerfHost - ok
19:40:42.0983 1448  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
19:40:43.0030 1448  pla - ok
19:40:43.0061 1448  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:40:43.0077 1448  PlugPlay - ok
19:40:43.0108 1448  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
19:40:43.0124 1448  PNRPAutoReg - ok
19:40:43.0139 1448  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
19:40:43.0155 1448  PNRPsvc - ok
19:40:43.0186 1448  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:40:43.0217 1448  PolicyAgent - ok
19:40:43.0248 1448  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:40:43.0264 1448  PptpMiniport - ok
19:40:43.0280 1448  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:40:43.0311 1448  Processor - ok
19:40:43.0326 1448  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
19:40:43.0342 1448  ProfSvc - ok
19:40:43.0342 1448  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:40:43.0358 1448  ProtectedStorage - ok
19:40:43.0373 1448  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:40:43.0389 1448  PSched - ok
19:40:43.0420 1448  [ 4A29D25704917161BAD9B4659A248DFD ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:40:43.0436 1448  ql2300 - ok
19:40:43.0467 1448  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:40:43.0467 1448  ql40xx - ok
19:40:43.0482 1448  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
19:40:43.0498 1448  QWAVE - ok
19:40:43.0514 1448  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:40:43.0514 1448  QWAVEdrv - ok
19:40:43.0529 1448  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:40:43.0560 1448  RasAcd - ok
19:40:43.0576 1448  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
19:40:43.0607 1448  RasAuto - ok
19:40:43.0623 1448  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:43.0638 1448  Rasl2tp - ok
19:40:43.0654 1448  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
19:40:43.0670 1448  RasMan - ok
19:40:43.0670 1448  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:43.0701 1448  RasPppoe - ok
19:40:43.0701 1448  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:40:43.0701 1448  RasSstp - ok
19:40:43.0716 1448  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:40:43.0732 1448  rdbss - ok
19:40:43.0763 1448  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:43.0779 1448  RDPCDD - ok
19:40:43.0794 1448  [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
19:40:43.0841 1448  rdpdr - ok
19:40:43.0841 1448  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:40:43.0857 1448  RDPENCDD - ok
19:40:43.0872 1448  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:40:43.0888 1448  RDPWD - ok
19:40:43.0888 1448  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:40:43.0919 1448  RemoteAccess - ok
19:40:43.0935 1448  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:40:43.0950 1448  RemoteRegistry - ok
19:40:43.0966 1448  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
19:40:43.0982 1448  RpcLocator - ok
19:40:43.0997 1448  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
19:40:44.0028 1448  RpcSs - ok
19:40:44.0060 1448  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:40:44.0075 1448  rspndr - ok
19:40:44.0091 1448  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
19:40:44.0091 1448  SamSs - ok
19:40:44.0106 1448  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:40:44.0106 1448  sbp2port - ok
19:40:44.0122 1448  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:40:44.0138 1448  SCardSvr - ok
19:40:44.0169 1448  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
19:40:44.0184 1448  Schedule - ok
19:40:44.0200 1448  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:40:44.0231 1448  SCPolicySvc - ok
19:40:44.0231 1448  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:40:44.0247 1448  SDRSVC - ok
19:40:44.0247 1448  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:40:44.0294 1448  secdrv - ok
19:40:44.0309 1448  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
19:40:44.0325 1448  seclogon - ok
19:40:44.0340 1448  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
19:40:44.0356 1448  SENS - ok
19:40:44.0372 1448  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:40:44.0403 1448  Serenum - ok
19:40:44.0418 1448  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:40:44.0434 1448  Serial - ok
19:40:44.0450 1448  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:40:44.0481 1448  sermouse - ok
19:40:44.0496 1448  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:40:44.0528 1448  SessionEnv - ok
19:40:44.0528 1448  [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:40:44.0574 1448  sffdisk - ok
19:40:44.0574 1448  [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:40:44.0621 1448  sffp_mmc - ok
19:40:44.0621 1448  [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:40:44.0652 1448  sffp_sd - ok
19:40:44.0668 1448  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
19:40:44.0699 1448  sfloppy - ok
19:40:44.0715 1448  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:40:44.0730 1448  ShellHWDetection - ok
19:40:44.0746 1448  [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:40:44.0746 1448  SiSRaid2 - ok
19:40:44.0762 1448  [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:40:44.0762 1448  SiSRaid4 - ok
19:40:44.0824 1448  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
19:40:44.0886 1448  slsvc - ok
19:40:44.0902 1448  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:40:44.0918 1448  SLUINotify - ok
19:40:44.0933 1448  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:40:44.0949 1448  Smb - ok
19:40:44.0964 1448  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:40:44.0980 1448  SNMPTRAP - ok
19:40:44.0996 1448  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
19:40:44.0996 1448  spldr - ok
19:40:45.0027 1448  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
19:40:45.0027 1448  Spooler - ok
19:40:45.0058 1448  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:40:45.0058 1448  srv - ok
19:40:45.0074 1448  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:40:45.0089 1448  srv2 - ok
19:40:45.0089 1448  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:40:45.0105 1448  srvnet - ok
19:40:45.0120 1448  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:40:45.0152 1448  SSDPSRV - ok
19:40:45.0167 1448  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:40:45.0167 1448  SstpSvc - ok
19:40:45.0198 1448  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
19:40:45.0198 1448  StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:40:45.0198 1448  StarOpen - detected UnsignedFile.Multi.Generic (1)
19:40:45.0214 1448  Steam Client Service - ok
19:40:45.0230 1448  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
19:40:45.0245 1448  stisvc - ok
19:40:45.0261 1448  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:40:45.0261 1448  swenum - ok
19:40:45.0276 1448  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
19:40:45.0308 1448  swprv - ok
19:40:45.0323 1448  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
19:40:45.0323 1448  Symc8xx - ok
19:40:45.0339 1448  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:40:45.0339 1448  Sym_hi - ok
19:40:45.0354 1448  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:40:45.0354 1448  Sym_u3 - ok
19:40:45.0370 1448  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
19:40:45.0401 1448  SysMain - ok
19:40:45.0448 1448  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:40:45.0448 1448  TabletInputService - ok
19:40:45.0479 1448  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:40:45.0495 1448  TapiSrv - ok
19:40:45.0510 1448  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
19:40:45.0542 1448  TBS - ok
19:40:45.0573 1448  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:40:45.0604 1448  Tcpip - ok
19:40:45.0635 1448  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:40:45.0698 1448  Tcpip6 - ok
19:40:45.0729 1448  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:40:45.0729 1448  tcpipreg - ok
19:40:45.0744 1448  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:40:45.0776 1448  TDPIPE - ok
19:40:45.0776 1448  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:40:45.0807 1448  TDTCP - ok
19:40:45.0807 1448  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:40:45.0822 1448  tdx - ok
19:40:45.0822 1448  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:40:45.0838 1448  TermDD - ok
19:40:45.0854 1448  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
19:40:45.0885 1448  TermService - ok
19:40:45.0900 1448  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
19:40:45.0916 1448  Themes - ok
19:40:45.0916 1448  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
19:40:45.0947 1448  THREADORDER - ok
19:40:45.0963 1448  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
19:40:45.0994 1448  TrkWks - ok
19:40:46.0010 1448  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:40:46.0025 1448  TrustedInstaller - ok
19:40:46.0041 1448  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:40:46.0056 1448  tssecsrv - ok
19:40:46.0072 1448  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
19:40:46.0088 1448  tunmp - ok
19:40:46.0088 1448  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:40:46.0088 1448  tunnel - ok
19:40:46.0103 1448  [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:40:46.0119 1448  uagp35 - ok
19:40:46.0134 1448  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:40:46.0150 1448  udfs - ok
19:40:46.0166 1448  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:40:46.0181 1448  UI0Detect - ok
19:40:46.0197 1448  [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:40:46.0212 1448  uliagpkx - ok
19:40:46.0228 1448  [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
19:40:46.0228 1448  uliahci - ok
19:40:46.0244 1448  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:40:46.0259 1448  UlSata - ok
19:40:46.0275 1448  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
19:40:46.0275 1448  ulsata2 - ok
19:40:46.0306 1448  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:40:46.0322 1448  umbus - ok
19:40:46.0337 1448  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
19:40:46.0368 1448  upnphost - ok
19:40:46.0384 1448  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:40:46.0415 1448  usbccgp - ok
19:40:46.0415 1448  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:40:46.0446 1448  usbcir - ok
19:40:46.0462 1448  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:40:46.0478 1448  usbehci - ok
19:40:46.0493 1448  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:40:46.0509 1448  usbhub - ok
19:40:46.0524 1448  [ E406B003A354776D317762694956B0FC ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
19:40:46.0540 1448  usbohci - ok
19:40:46.0556 1448  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:40:46.0587 1448  usbprint - ok
19:40:46.0587 1448  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:40:46.0602 1448  USBSTOR - ok
19:40:46.0618 1448  [ 7BF55D2538740B25936E93553E5D190D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
19:40:46.0649 1448  usbuhci - ok
19:40:46.0665 1448  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
19:40:46.0680 1448  UxSms - ok
19:40:46.0696 1448  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
19:40:46.0712 1448  vds - ok
19:40:46.0727 1448  [ 2998DC48905E9B4821AD8FD75B3E070C ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:40:46.0758 1448  vga - ok
19:40:46.0774 1448  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:40:46.0790 1448  VgaSave - ok
19:40:46.0805 1448  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
19:40:46.0805 1448  viaide - ok
19:40:46.0821 1448  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:40:46.0836 1448  volmgr - ok
19:40:46.0852 1448  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:40:46.0868 1448  volmgrx - ok
19:40:46.0883 1448  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:40:46.0899 1448  volsnap - ok
19:40:46.0914 1448  [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
19:40:46.0930 1448  vsmraid - ok
19:40:46.0961 1448  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
19:40:46.0992 1448  VSS - ok
19:40:47.0008 1448  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
19:40:47.0039 1448  W32Time - ok
19:40:47.0055 1448  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:40:47.0086 1448  WacomPen - ok
19:40:47.0102 1448  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:40:47.0117 1448  Wanarp - ok
19:40:47.0117 1448  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:40:47.0133 1448  Wanarpv6 - ok
19:40:47.0148 1448  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:40:47.0164 1448  wcncsvc - ok
19:40:47.0195 1448  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:40:47.0211 1448  WcsPlugInService - ok
19:40:47.0226 1448  [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd              C:\Windows\system32\drivers\wd.sys
19:40:47.0226 1448  Wd - ok
19:40:47.0242 1448  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:40:47.0273 1448  Wdf01000 - ok
19:40:47.0289 1448  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:40:47.0320 1448  WdiServiceHost - ok
19:40:47.0320 1448  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:40:47.0336 1448  WdiSystemHost - ok
19:40:47.0367 1448  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
19:40:47.0367 1448  WebClient - ok
19:40:47.0382 1448  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:40:47.0398 1448  Wecsvc - ok
19:40:47.0414 1448  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:40:47.0429 1448  wercplsupport - ok
19:40:47.0445 1448  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
19:40:47.0460 1448  WerSvc - ok
19:40:47.0460 1448  WinHttpAutoProxySvc - ok
19:40:47.0492 1448  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:40:47.0507 1448  Winmgmt - ok
19:40:47.0538 1448  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM          C:\Windows\system32\WsmSvc.dll
19:40:47.0570 1448  WinRM - ok
19:40:47.0616 1448  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:40:47.0632 1448  Wlansvc - ok
19:40:47.0663 1448  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
19:40:47.0679 1448  WmiAcpi - ok
19:40:47.0694 1448  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:40:47.0710 1448  wmiApSrv - ok
19:40:47.0726 1448  WMPNetworkSvc - ok
19:40:47.0741 1448  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:40:47.0757 1448  WPCSvc - ok
19:40:47.0772 1448  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:40:47.0788 1448  WPDBusEnum - ok
19:40:47.0804 1448  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:40:47.0819 1448  ws2ifsl - ok
19:40:47.0819 1448  WSearch - ok
19:40:47.0835 1448  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:47.0866 1448  WUDFRd - ok
19:40:47.0882 1448  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:40:47.0913 1448  wudfsvc - ok
19:40:47.0913 1448  ================ Scan global ===============================
19:40:47.0928 1448  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:40:47.0960 1448  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:40:47.0960 1448  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:40:47.0991 1448  [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
19:40:47.0991 1448  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:40:47.0991 1448  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:40:47.0991 1448  ================ Scan MBR ==================================
19:40:48.0006 1448  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:40:48.0256 1448  \Device\Harddisk0\DR0 - ok
19:40:48.0256 1448  ================ Scan VBR ==================================
19:40:48.0256 1448  [ AF6E1B78A52D7BA39B03D6839392A6AC ] \Device\Harddisk0\DR0\Partition1
19:40:48.0256 1448  \Device\Harddisk0\DR0\Partition1 - ok
19:40:48.0256 1448  [ 9192F4C5E5167E0E4F5D58027EEF9CC6 ] \Device\Harddisk0\DR0\Partition2
19:40:48.0256 1448  \Device\Harddisk0\DR0\Partition2 - ok
19:40:48.0272 1448  [ 51C6248CC81C7F876BAADB6A7D60D8E2 ] \Device\Harddisk0\DR0\Partition3
19:40:48.0272 1448  \Device\Harddisk0\DR0\Partition3 - ok
19:40:48.0287 1448  [ 498AA62793B74B1F1A17E47DCF0E559C ] \Device\Harddisk0\DR0\Partition4
19:40:48.0287 1448  \Device\Harddisk0\DR0\Partition4 - ok
19:40:48.0303 1448  [ E11473E0B50B173780451F496E581DD6 ] \Device\Harddisk0\DR0\Partition5
19:40:48.0303 1448  \Device\Harddisk0\DR0\Partition5 - ok
19:40:48.0318 1448  [ FA17E132BE096306B4A5C1A3189FEAD7 ] \Device\Harddisk0\DR0\Partition6
19:40:48.0318 1448  \Device\Harddisk0\DR0\Partition6 - ok
19:40:48.0334 1448  [ 4127A635E2FC156B1977278DBA3F0E05 ] \Device\Harddisk0\DR0\Partition7
19:40:48.0334 1448  \Device\Harddisk0\DR0\Partition7 - ok
19:40:48.0350 1448  [ 786605C9B7834E6863169016846DAD5F ] \Device\Harddisk0\DR0\Partition8
19:40:48.0350 1448  \Device\Harddisk0\DR0\Partition8 - ok
19:40:48.0365 1448  [ 68C1B7EECECD056403307EF614CAF735 ] \Device\Harddisk0\DR0\Partition9
19:40:48.0365 1448  \Device\Harddisk0\DR0\Partition9 - ok
19:40:48.0381 1448  [ 60A105906FC38A9CDD8E99388A79BF70 ] \Device\Harddisk0\DR0\Partition10
19:40:48.0381 1448  \Device\Harddisk0\DR0\Partition10 - ok
19:40:48.0381 1448  [ 0318AA29F92E3374646BBEE7D566DA44 ] \Device\Harddisk0\DR0\Partition11
19:40:48.0381 1448  \Device\Harddisk0\DR0\Partition11 - ok
19:40:48.0381 1448  ============================================================
19:40:48.0381 1448  Scan finished
19:40:48.0381 1448  ============================================================
19:40:48.0396 4804  Detected object count: 4
19:40:48.0396 4804  Actual detected object count: 4
19:40:52.0218 4804  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804  nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804  nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
19:40:52.0218 4804  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip

Regards,
Waterdragon

cosinus 14.09.2012 23:00

Code:

C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user

Please fix this entry with TDSS-Killer. But please only this entry!
Then restart Windows and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.

Waterdragon 15.09.2012 16:08

Hi!

I had the entry in question fixed. Here is the log after the reboot:

Code:

17:06:15.0457 3000  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:06:15.0597 3000  ============================================================
17:06:15.0597 3000  Current date / time: 2012/09/15 17:06:15.0597
17:06:15.0597 3000  SystemInfo:
17:06:15.0597 3000 
17:06:15.0597 3000  OS Version: 6.0.6002 ServicePack: 2.0
17:06:15.0597 3000  Product type: Workstation
17:06:15.0597 3000  ComputerName: MAUS-PC
17:06:15.0597 3000  UserName: Maus
17:06:15.0597 3000  Windows directory: C:\Windows
17:06:15.0597 3000  System windows directory: C:\Windows
17:06:15.0597 3000  Running under WOW64
17:06:15.0597 3000  Processor architecture: Intel x64
17:06:15.0597 3000  Number of processors: 4
17:06:15.0597 3000  Page size: 0x1000
17:06:15.0597 3000  Boot type: Normal boot
17:06:15.0597 3000  ============================================================
17:06:16.0689 3000  BG loaded
17:06:17.0235 3000  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:06:17.0251 3000  ============================================================
17:06:17.0251 3000  \Device\Harddisk0\DR0:
17:06:17.0251 3000  MBR partitions:
17:06:17.0251 3000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5BEC78
17:06:17.0251 3000  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5BECF6, BlocksNum 0x61AB7E8
17:06:17.0251 3000  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x676A51D, BlocksNum 0x61AB7E8
17:06:17.0267 3000  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC915D44, BlocksNum 0x61AB7E8
17:06:17.0267 3000  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x12AC156B, BlocksNum 0x61AB7E8
17:06:17.0282 3000  \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x18C6CD92, BlocksNum 0x9C41AD8
17:06:17.0282 3000  \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x228AE8A9, BlocksNum 0x9C41AD8
17:06:17.0298 3000  \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x2C4F03C0, BlocksNum 0x9C41AD8
17:06:17.0313 3000  \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x36131ED7, BlocksNum 0x9C41AD8
17:06:17.0329 3000  \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0x44B966DA, BlocksNum 0x30D7B35
17:06:17.0345 3000  \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0x47C6E24E, BlocksNum 0x1388AFC
17:06:17.0360 3000  ============================================================
17:06:17.0391 3000  C: <-> \Device\Harddisk0\DR0\Partition3
17:06:17.0423 3000  D: <-> \Device\Harddisk0\DR0\Partition1
17:06:17.0454 3000  E: <-> \Device\Harddisk0\DR0\Partition2
17:06:17.0485 3000  F: <-> \Device\Harddisk0\DR0\Partition4
17:06:17.0547 3000  G: <-> \Device\Harddisk0\DR0\Partition5
17:06:17.0563 3000  H: <-> \Device\Harddisk0\DR0\Partition6
17:06:17.0672 3000  I: <-> \Device\Harddisk0\DR0\Partition7
17:06:17.0797 3000  J: <-> \Device\Harddisk0\DR0\Partition8
17:06:17.0859 3000  K: <-> \Device\Harddisk0\DR0\Partition9
17:06:17.0906 3000  M: <-> \Device\Harddisk0\DR0\Partition10
17:06:17.0969 3000  N: <-> \Device\Harddisk0\DR0\Partition11
17:06:17.0969 3000  ============================================================
17:06:17.0969 3000  Initialize success
17:06:17.0969 3000  ============================================================
17:06:44.0774 3404  ============================================================
17:06:44.0774 3404  Scan started
17:06:44.0774 3404  Mode: Manual; SigCheck; TDLFS;
17:06:44.0774 3404  ============================================================
17:06:47.0379 3404  ================ Scan system memory ========================
17:06:47.0379 3404  System memory - ok
17:06:47.0379 3404  ================ Scan services =============================
17:06:47.0457 3404  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:06:47.0566 3404  ACPI - ok
17:06:47.0629 3404  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:06:47.0644 3404  AdobeARMservice - ok
17:06:47.0676 3404  [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:06:47.0707 3404  adp94xx - ok
17:06:47.0722 3404  [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:06:47.0738 3404  adpahci - ok
17:06:47.0738 3404  [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:06:47.0754 3404  adpu160m - ok
17:06:47.0754 3404  [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:06:47.0769 3404  adpu320 - ok
17:06:47.0785 3404  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:06:52.0418 3404  AeLookupSvc - ok
17:06:52.0434 3404  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
17:06:52.0465 3404  AFD - ok
17:06:52.0480 3404  [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:06:52.0496 3404  agp440 - ok
17:06:52.0512 3404  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
17:06:52.0512 3404  aic78xx - ok
17:06:52.0527 3404  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
17:06:52.0621 3404  ALG - ok
17:06:52.0652 3404  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:06:52.0652 3404  aliide - ok
17:06:52.0683 3404  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:06:52.0746 3404  AMD External Events Utility - ok
17:06:52.0792 3404  AMD FUEL Service - ok
17:06:52.0792 3404  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
17:06:52.0808 3404  amdide - ok
17:06:52.0808 3404  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
17:06:52.0824 3404  amdiox64 - ok
17:06:52.0824 3404  [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:06:52.0948 3404  AmdK8 - ok
17:06:53.0416 3404  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:06:53.0650 3404  amdkmdag - ok
17:06:53.0682 3404  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:06:53.0713 3404  amdkmdap - ok
17:06:53.0744 3404  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:06:53.0760 3404  AntiVirSchedulerService - ok
17:06:53.0775 3404  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:06:53.0775 3404  AntiVirService - ok
17:06:53.0791 3404  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:06:53.0806 3404  AntiVirWebService - ok
17:06:53.0822 3404  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:06:53.0822 3404  AODDriver4.1 - ok
17:06:53.0838 3404  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
17:06:53.0869 3404  Appinfo - ok
17:06:53.0884 3404  [ 2E8623F2FED998A97129A3DB919551C8 ] arc            C:\Windows\system32\drivers\arc.sys
17:06:53.0884 3404  arc - ok
17:06:53.0916 3404  [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:06:53.0931 3404  arcsas - ok
17:06:53.0947 3404  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:06:53.0978 3404  AsyncMac - ok
17:06:54.0025 3404  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
17:06:54.0025 3404  atapi - ok
17:06:54.0056 3404  [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
17:06:54.0056 3404  AtiHDAudioService - ok
17:06:54.0087 3404  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:06:54.0118 3404  AudioEndpointBuilder - ok
17:06:54.0134 3404  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:06:54.0150 3404  AudioSrv - ok
17:06:54.0181 3404  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:06:54.0196 3404  avgntflt - ok
17:06:54.0212 3404  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:06:54.0212 3404  avipbb - ok
17:06:54.0243 3404  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:06:54.0243 3404  avkmgr - ok
17:06:54.0243 3404  blbdrive - ok
17:06:54.0274 3404  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:06:54.0290 3404  bowser - ok
17:06:54.0306 3404  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:06:54.0337 3404  BrFiltLo - ok
17:06:54.0352 3404  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:06:54.0384 3404  BrFiltUp - ok
17:06:54.0399 3404  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
17:06:54.0415 3404  Browser - ok
17:06:54.0446 3404  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
17:06:54.0493 3404  Brserid - ok
17:06:54.0508 3404  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:06:54.0555 3404  BrSerWdm - ok
17:06:54.0555 3404  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:06:54.0618 3404  BrUsbMdm - ok
17:06:54.0633 3404  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:06:54.0680 3404  BrUsbSer - ok
17:06:54.0696 3404  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:06:54.0742 3404  BTHMODEM - ok
17:06:54.0774 3404  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:06:54.0820 3404  cdfs - ok
17:06:54.0836 3404  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:06:54.0852 3404  cdrom - ok
17:06:54.0867 3404  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
17:06:54.0898 3404  CertPropSvc - ok
17:06:54.0898 3404  [ F28F00596824058BC61D5EDF434C9B82 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:06:54.0945 3404  circlass - ok
17:06:54.0976 3404  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
17:06:54.0992 3404  CLFS - ok
17:06:55.0039 3404  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:06:55.0054 3404  clr_optimization_v2.0.50727_32 - ok
17:06:55.0070 3404  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:06:55.0086 3404  clr_optimization_v2.0.50727_64 - ok
17:06:55.0086 3404  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:06:55.0101 3404  cmdide - ok
17:06:55.0117 3404  [ 0E77A445640BF310817F60941C50560C ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:06:55.0117 3404  Compbatt - ok
17:06:55.0117 3404  COMSysApp - ok
17:06:55.0132 3404  [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:06:55.0132 3404  crcdisk - ok
17:06:55.0164 3404  [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:06:55.0195 3404  CryptSvc - ok
17:06:55.0210 3404  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:06:55.0242 3404  DcomLaunch - ok
17:06:55.0273 3404  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:06:55.0320 3404  DfsC - ok
17:06:55.0398 3404  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
17:06:55.0522 3404  DFSR - ok
17:06:55.0538 3404  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:06:55.0569 3404  Dhcp - ok
17:06:55.0569 3404  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
17:06:55.0585 3404  disk - ok
17:06:55.0600 3404  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:06:55.0632 3404  Dnscache - ok
17:06:55.0647 3404  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:06:55.0663 3404  dot3svc - ok
17:06:55.0694 3404  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
17:06:55.0741 3404  DPS - ok
17:06:55.0756 3404  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:06:55.0788 3404  drmkaud - ok
17:06:55.0803 3404  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:06:55.0834 3404  DXGKrnl - ok
17:06:55.0850 3404  [ D57FE09B575545738A73A0C193D0616A ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
17:06:55.0897 3404  E1G60 - ok
17:06:55.0912 3404  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
17:06:55.0944 3404  EapHost - ok
17:06:55.0959 3404  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:06:55.0975 3404  Ecache - ok
17:06:56.0006 3404  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:06:56.0037 3404  ehRecvr - ok
17:06:56.0053 3404  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
17:06:56.0068 3404  ehSched - ok
17:06:56.0084 3404  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
17:06:56.0100 3404  ehstart - ok
17:06:56.0115 3404  [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:06:56.0131 3404  elxstor - ok
17:06:56.0146 3404  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
17:06:56.0193 3404  EMDMgmt - ok
17:06:56.0224 3404  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
17:06:56.0256 3404  EventSystem - ok
17:06:56.0256 3404  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
17:06:56.0287 3404  exfat - ok
17:06:56.0302 3404  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:06:56.0318 3404  fastfat - ok
17:06:56.0334 3404  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:06:56.0365 3404  fdc - ok
17:06:56.0396 3404  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
17:06:56.0427 3404  fdPHost - ok
17:06:56.0443 3404  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
17:06:56.0490 3404  FDResPub - ok
17:06:56.0505 3404  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:06:56.0521 3404  FileInfo - ok
17:06:56.0536 3404  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:06:56.0568 3404  Filetrace - ok
17:06:56.0583 3404  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:06:56.0599 3404  flpydisk - ok
17:06:56.0614 3404  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:06:56.0630 3404  FltMgr - ok
17:06:56.0677 3404  [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache      C:\Windows\system32\FntCache.dll
17:06:56.0708 3404  FontCache - ok
17:06:56.0739 3404  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:06:56.0739 3404  FontCache3.0.0.0 - ok
17:06:56.0770 3404  [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe
17:06:56.0833 3404  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
17:06:56.0833 3404  ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
17:06:56.0848 3404  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:06:56.0880 3404  Fs_Rec - ok
17:06:56.0895 3404  [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:06:56.0911 3404  gagp30kx - ok
17:06:56.0926 3404  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
17:06:56.0958 3404  gpsvc - ok
17:06:56.0989 3404  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:06:57.0036 3404  HdAudAddService - ok
17:06:57.0114 3404  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:06:57.0223 3404  HDAudBus - ok
17:06:57.0238 3404  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:06:57.0316 3404  HidBth - ok
17:06:57.0316 3404  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:06:57.0363 3404  HidIr - ok
17:06:57.0379 3404  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
17:06:57.0394 3404  hidserv - ok
17:06:57.0394 3404  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:06:57.0426 3404  HidUsb - ok
17:06:57.0441 3404  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:06:57.0488 3404  hkmsvc - ok
17:06:57.0488 3404  [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
17:06:57.0504 3404  HpCISSs - ok
17:06:57.0519 3404  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:06:57.0566 3404  HTTP - ok
17:06:57.0566 3404  [ F2901763845570ECAC48E6A50EC50812 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
17:06:57.0582 3404  i2omp - ok
17:06:57.0597 3404  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:06:57.0628 3404  i8042prt - ok
17:06:57.0644 3404  [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
17:06:57.0660 3404  iaStorV - ok
17:06:57.0691 3404  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:06:57.0722 3404  idsvc - ok
17:06:57.0753 3404  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:06:57.0769 3404  iirsp - ok
17:06:57.0800 3404  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
17:06:57.0831 3404  IKEEXT - ok
17:06:57.0894 3404  [ FFC65872F4B0A1075B2AB16C676A4AEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:06:57.0925 3404  IntcAzAudAddService - ok
17:06:57.0940 3404  [ 36A266C673812878996F72B200203FBB ] intelide        C:\Windows\system32\drivers\intelide.sys
17:06:57.0956 3404  intelide - ok
17:06:57.0972 3404  [ CD802075728E514548841DCC3F8B0220 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:06:58.0018 3404  intelppm - ok
17:06:58.0065 3404  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:06:58.0081 3404  IPBusEnum - ok
17:06:58.0096 3404  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:06:58.0128 3404  IpFilterDriver - ok
17:06:58.0128 3404  IpInIp - ok
17:06:58.0128 3404  [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
17:06:58.0174 3404  IPMIDRV - ok
17:06:58.0190 3404  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
17:06:58.0221 3404  IPNAT - ok
17:06:58.0237 3404  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:06:58.0268 3404  IRENUM - ok
17:06:58.0284 3404  [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:06:58.0299 3404  isapnp - ok
17:06:58.0315 3404  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:06:58.0330 3404  iScsiPrt - ok
17:06:58.0377 3404  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:06:58.0393 3404  iteatapi - ok
17:06:58.0440 3404  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
17:06:58.0440 3404  iteraid - ok
17:06:58.0471 3404  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:06:58.0471 3404  kbdclass - ok
17:06:58.0486 3404  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:06:58.0502 3404  kbdhid - ok
17:06:58.0518 3404  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
17:06:58.0549 3404  KeyIso - ok
17:06:58.0564 3404  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:06:58.0580 3404  KSecDD - ok
17:06:58.0596 3404  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:06:58.0627 3404  ksthunk - ok
17:06:58.0642 3404  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:06:58.0689 3404  KtmRm - ok
17:06:58.0705 3404  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:06:58.0720 3404  LanmanServer - ok
17:06:58.0752 3404  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:06:58.0767 3404  LanmanWorkstation - ok
17:06:58.0798 3404  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:06:58.0830 3404  lltdio - ok
17:06:58.0845 3404  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:06:58.0892 3404  lltdsvc - ok
17:06:58.0908 3404  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:06:58.0939 3404  lmhosts - ok
17:06:58.0954 3404  [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:06:58.0970 3404  LSI_FC - ok
17:06:58.0970 3404  [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:06:58.0986 3404  LSI_SAS - ok
17:06:59.0001 3404  [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:06:59.0001 3404  LSI_SCSI - ok
17:06:59.0032 3404  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:06:59.0064 3404  luafv - ok
17:06:59.0095 3404  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
17:06:59.0110 3404  MBAMProtector - ok
17:06:59.0142 3404  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:06:59.0173 3404  MBAMService - ok
17:06:59.0204 3404  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
17:06:59.0220 3404  McComponentHostService - ok
17:06:59.0235 3404  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:06:59.0251 3404  Mcx2Svc - ok
17:06:59.0266 3404  [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas        C:\Windows\system32\drivers\megasas.sys
17:06:59.0282 3404  megasas - ok
17:06:59.0298 3404  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
17:06:59.0329 3404  MMCSS - ok
17:06:59.0344 3404  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
17:06:59.0391 3404  Modem - ok
17:06:59.0422 3404  [ 505BDF0B6529338189D6FD3959EE3A89 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:06:59.0454 3404  monitor - ok
17:06:59.0485 3404  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:06:59.0500 3404  mouclass - ok
17:06:59.0516 3404  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:06:59.0547 3404  mouhid - ok
17:06:59.0563 3404  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:06:59.0578 3404  MountMgr - ok
17:06:59.0594 3404  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:06:59.0610 3404  MozillaMaintenance - ok
17:06:59.0625 3404  [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:06:59.0625 3404  mpio - ok
17:06:59.0656 3404  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:06:59.0672 3404  mpsdrv - ok
17:06:59.0688 3404  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:06:59.0688 3404  Mraid35x - ok
17:06:59.0703 3404  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:06:59.0719 3404  MRxDAV - ok
17:06:59.0734 3404  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:06:59.0750 3404  mrxsmb - ok
17:06:59.0766 3404  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:06:59.0781 3404  mrxsmb10 - ok
17:06:59.0812 3404  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:06:59.0812 3404  mrxsmb20 - ok
17:06:59.0828 3404  [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci          C:\Windows\system32\drivers\msahci.sys
17:06:59.0844 3404  msahci - ok
17:06:59.0844 3404  [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:06:59.0859 3404  msdsm - ok
17:06:59.0859 3404  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
17:06:59.0890 3404  MSDTC - ok
17:06:59.0906 3404  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:06:59.0937 3404  Msfs - ok
17:06:59.0953 3404  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:06:59.0968 3404  msisadrv - ok
17:06:59.0984 3404  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:07:00.0015 3404  MSiSCSI - ok
17:07:00.0015 3404  msiserver - ok
17:07:00.0031 3404  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:07:00.0062 3404  MSKSSRV - ok
17:07:00.0062 3404  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:07:00.0093 3404  MSPCLOCK - ok
17:07:01.0216 3404  [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp          C:\Program Files\bin32\nSvcIp.exe
17:07:01.0216 3404  nSvcIp ( UnsignedFile.Multi.Generic ) - warning
17:07:01.0216 3404  nSvcIp - detected UnsignedFile.Multi.Generic (1)
17:07:05.0116 3404  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
17:07:05.0116 3404  StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:07:05.0116 3404  StarOpen - detected UnsignedFile.Multi.Generic (1)
17:07:09.0423 3404  ============================================================
17:07:09.0423 3404  Scan finished
17:07:09.0423 3404  ============================================================
17:07:09.0438 3396  Detected object count: 3
17:07:09.0438 3396  Actual detected object count: 3
17:07:16.0646 3396  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:16.0646 3396  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:16.0661 3396  nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:16.0661 3396  nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:16.0661 3396  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:16.0661 3396  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards,
Waterdragon

cosinus 16.09.2012 15:43

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Waterdragon 20.09.2012 20:33

Hi!

Here is the ComboFix log after the reboot. ComboFix reported that Avira was still active, even though I had deactivated it. Background processes were probably still running. I hope that is not a problem. If it is, let me know. Then I will run ComboFix again and kill the Avira processes via Task Manager beforehand.

Code:

ComboFix 12-09-20.02 - Maus 20.09.2012  21:14:52.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2862 [GMT 2:00]
ausgeführt von:: c:\users\Maus\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\install.exe
J:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-20 bis 2012-09-20  ))))))))))))))))))))))))))))))
.
.
2012-09-18 07:59 . 2012-09-18 07:59        73696        ----a-w-        c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 15:06 . 2012-09-15 15:06        208216        ----a-w-        c:\windows\system32\drivers\44311390.sys
2012-09-15 15:02 . 2012-09-15 15:02        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-09-11 17:47 . 2012-09-11 17:47        --------        d-----w-        C:\_OTL
2012-08-25 15:57 . 2012-08-25 15:57        --------        d-----w-        c:\users\Maus\AppData\Local\NeoSmart_Technologies
2012-08-22 14:37 . 2012-08-22 14:37        --------        d-----w-        c:\users\Maus\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 15:05 . 2012-06-02 14:34        384512        ----a-w-        c:\windows\system32\services.exe
2012-08-07 07:25 . 2012-08-07 07:25        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-04 10:26 . 2012-08-04 10:26        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 10:26 . 2012-08-04 10:26        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 10:00 . 2006-11-02 12:35        59701280        ----a-w-        c:\windows\system32\mrt.exe
2012-07-03 11:46 . 2012-08-08 19:27        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-20 6296064]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-34042434.sys
AddRemove-dm-Fotowelt - l:\dm-fotowelt\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\SecuROM\License information*]
"datasecu"=hex:66,b7,d7,db,ab,af,b8,22,c3,03,4d,c9,ce,e6,ac,8a,91,eb,48,4a,e4,
  3e,a1,c2,0d,7e,7c,e6,46,26,08,2f,fc,2f,ad,35,bb,61,0e,b7,f2,0a,03,eb,a8,c3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
i:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-20  21:24:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-20 19:24
.
Vor Suchlauf: 9 Verzeichnis(se), 13.894.844.416 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 14.483.804.160 Bytes frei
.
- - End Of File - - 43C55704A4AAD0442209B5FA8473E3CF

Regards,
Waterdragon

cosinus 21.09.2012 12:17

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Waterdragon 22.09.2012 15:58

Hello,

here is the GMER log for a start. The rest will follow shortly...

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-22 16:58:12
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File  C:\Users\Maus\AppData\Roaming\Microsoft\Internet Explorer\UserData\AVBZGE1E\at[1].xml  58 bytes
File  C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Cookies\AYJNSXVF.txt                  372 bytes
File  C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Cookies\D2DKG52Z.txt                  171 bytes
File  C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Cookies\GB69X8U0.txt                  241 bytes
File  C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Cookies\XCDVF0GY.txt                  309 bytes

---- EOF - GMER 1.0.15 ----


The OSAM log cannot be saved. Clicking "Save Log" simply does nothing. No file dialog for saving appears, nor is a log to be found in OSAM's subdirectories.

Do you have any idea what could be going wrong here?

And here is the log from aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 17:17:44
-----------------------------
17:17:44.911    OS Version: Windows x64 6.0.6002 Service Pack 2
17:17:44.911    Number of processors: 4 586 0x402
17:17:44.911    ComputerName: MAUS-PC  UserName: Maus
17:17:45.332    Initialize success
17:17:53.226    AVAST engine defs: 12092200
17:17:59.388    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:17:59.388    Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
17:17:59.419    Disk 0 MBR read successfully
17:17:59.419    Disk 0 MBR scan
17:17:59.419    Disk 0 Windows 7 default MBR code
17:17:59.419    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        2941 MB offset 63
17:17:59.419    Disk 0 Partition - 00    0F Extended LBA            607536 MB offset 6024436
17:17:59.435    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        50006 MB offset 6024438
17:17:59.435    Disk 0 Partition - 00    05    Extended            50007 MB offset 108438750
17:17:59.450    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        50006 MB offset 108438813
17:17:59.450    Disk 0 Partition - 00    05    Extended            50007 MB offset 313267439
17:17:59.466    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS        50006 MB offset 210853188
17:17:59.466    Disk 0 Partition - 00    05    Extended            50007 MB offset 518096189
17:17:59.481    Disk 0 Partition 5 00    07    HPFS/NTFS NTFS        50006 MB offset 313267563
17:17:59.481    Disk 0 Partition - 00    05    Extended            80003 MB offset 722924939
17:17:59.528    Disk 0 Partition 6 00    07    HPFS/NTFS NTFS        80003 MB offset 415681938
17:17:59.528    Disk 0 Partition - 00    05    Extended            80003 MB offset 989186249
17:17:59.575    Disk 0 Partition 7 00    07    HPFS/NTFS NTFS        80003 MB offset 579528873
17:17:59.575    Disk 0 Partition - 00    05    Extended            80003 MB offset 1316880119
17:17:59.622    Disk 0 Partition 8 00    07    HPFS/NTFS NTFS        80003 MB offset 743375808
17:17:59.637    Disk 0 Partition - 00    05    Extended            80003 MB offset 1644573989
17:17:59.684    Disk 0 Partition 9 00    07    HPFS/NTFS NTFS        80003 MB offset 907222743
17:17:59.684    Disk 0 Partition - 00    05    Extended            40005 MB offset 1972267859
17:17:59.747    Disk 0 Partition 10 00    83        Linux            40005 MB offset 1071069678
17:17:59.747    Disk 0 Partition - 00    05    Extended            25007 MB offset 2218046294
17:17:59.809    Disk 0 Partition 11 00    07    HPFS/NTFS NTFS        25007 MB offset 1153001178
17:17:59.825    Disk 0 Partition - 00    05    Extended            10001 MB offset 2351193014
17:17:59.903    Disk 0 Partition 12 00    07    HPFS/NTFS NTFS        10001 MB offset 1204216398
17:17:59.903    Disk 0 Partition - 00    05    Extended            10424 MB offset 2422891109
17:17:59.981    Disk 0 Partition 13 00    83        Linux            10424 MB offset 1224699273
17:17:59.981    Disk 0 Partition - 00    05    Extended              2055 MB offset 2464724369
17:18:00.012    Disk 0 Partition 14 00    82  Linux swap              2055 MB offset 1246049658
17:18:00.121    Disk 0 scanning C:\Windows\system32\drivers
17:18:06.408    Service scanning
17:18:18.389    Modules scanning
17:18:18.389    Disk 0 trace - called modules:
17:18:18.404    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:18:18.404    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049b6790]
17:18:18.420    3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8003b029b0]
17:18:18.420    5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003b04060]
17:18:19.122    AVAST engine scan C:\Windows
17:18:20.947    AVAST engine scan C:\Windows\system32
17:20:04.531    AVAST engine scan C:\Windows\system32\drivers
17:20:11.504    AVAST engine scan C:\Users\Maus
17:21:25.277    Disk 0 MBR has been saved successfully to "C:\Users\Maus\Desktop\MBR.dat"
17:21:25.292    The log file has been saved successfully to "C:\Users\Maus\Desktop\aswMBR.txt"

Regards,
Waterdragon

cosinus 22.09.2012 19:39

The OSAM issue could be down to Vista. It's not a big deal.

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Waterdragon 23.09.2012 21:49

Hi!

Here is the log from MBAM:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Maus :: MAUS-PC [Administrator]

23.09.2012 18:44:44
mbam-log-2012-09-23 (20-15-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 563049
Laufzeit: 1 Stunde(n), 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\_OTL\MovedFiles\09112012_194748\C_Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@ (Rootkit.0Access.64) -> Keine Aktion durchgeführt.

(Ende)

and the "short" log from SASW:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/23/2012 at 10:32 PM

Application Version : 5.5.1016

Core Rules Database Version : 9275
Trace Rules Database Version: 7087

Scan type      : Complete Scan
Total Scan Time : 02:07:41

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 691
Memory threats detected  : 0
Registry items scanned    : 63306
Registry threats detected : 0
File items scanned        : 384369
File threats detected    : 568

Adware.Tracking Cookie
        .2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        tracking.decorativecoatings.biz [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .aok.122.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .blogads.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        stat.dealtime.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .mmstat.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .kaspersky.122.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .conrad.122.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .quartermedia.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .stats.paypal.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .microsoftsto.112.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        media-manager.ksk-koeln.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wmkiwgczigp.stats.esomniture.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        media3.tchibo-content.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .flagcounter.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .myroitracking.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.linuxquestions.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.linuxquestions.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        account.thequestionsnetwork.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        account.thequestionsnetwork.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .www.linuxquestions.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .www.linuxquestions.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .www.linuxquestions.org [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        counters.gigya.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c1.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c1.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .realmedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        media4.tchibo-content.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www4.smartadserver.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www4.smartadserver.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .lfstmedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .cewecolor.112.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tracking.mindshare.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .www.burstnet.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .urbia.wwe-media.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\MAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SIYTADI4.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeAV
        E:\PROGRAM FILES (X86)\WINRAR\DEFAULT.SFX
        G:\WIN RAR\DEFAULT.SFX

Regards,
Waterdragon

cosinus 24.09.2012 14:01

Looks OK, only cookies were found there; the alleged finding in WinRAR is a false alarm. Malwarebytes only reported one finding in OTL's quarantine.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this pest from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser to delete everything, including cookies, when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there still other findings or problems?
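
Added example, not part of the thread or any poster's code: a hosts file only blocks the exact hostnames it lists, so this Python sketch checks which cookie domains from a scan log in the `domain [ path ]` layout a blocklist actually covers. The hosts entries and log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: hosts-file lines in the usual "address hostname" form.
SAMPLE_HOSTS = """\
# constructed blocklist excerpt, not taken from any real hosts file
127.0.0.1  localhost
0.0.0.0    ad.doubleclick.net
0.0.0.0    adfarm1.adition.com  ad1.adfarm1.adition.com   # two names on one line
127.0.0.1  www.etracker.de
192.168.1.10  nas.example.lan
"""

# Constructed sample: cookie findings in the "domain [ path ]" layout of the scan log.
SAMPLE_FINDINGS = """\
        .doubleclick.net [ C:\\USERS\\EXAMPLE\\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\\USERS\\EXAMPLE\\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\\USERS\\EXAMPLE\\COOKIES.SQLITE ]
        www.etracker.de [ C:\\USERS\\EXAMPLE\\COOKIES.SQLITE ]
        .adtech.de [ C:\\USERS\\EXAMPLE\\COOKIES.SQLITE ]
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_blocked_hosts(text):
    """Return the set of hostnames a hosts file maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        blocked.update(name.lower().rstrip(".") for name in fields[1:])
    blocked.discard("localhost")
    return blocked


def parse_cookie_domains(text):
    """Extract the domain column from 'domain [ path ]' log lines."""
    return [m.group(1).lower() for m in re.finditer(r"^\s*(\S+)\s+\[", text, re.M)]


def classify(cookie_domain, blocked):
    """'exact' = that host is sinkholed; 'partial' = only some hosts under a
    domain-wide cookie are; 'none' = nothing in the hosts file applies."""
    if not cookie_domain.startswith("."):
        # Host-only cookie: the hosts file must list this exact name.
        return "exact" if cookie_domain in blocked else "none"
    base = cookie_domain.lstrip(".")
    # Domain cookie: valid for base and every subdomain, but a hosts file
    # has no wildcards, so it can only ever cover the names it lists.
    covered = [h for h in blocked if h == base or h.endswith("." + base)]
    return "partial" if covered else "none"


def coverage_report(findings_text, hosts_text):
    blocked = parse_blocked_hosts(hosts_text)
    return {d: classify(d, blocked) for d in parse_cookie_domains(findings_text)}


if __name__ == "__main__":
    for domain, status in coverage_report(SAMPLE_FINDINGS, SAMPLE_HOSTS).items():
        print(f"{status:8} {domain}")
```

In the sample, `ad3.adfarm1.adition.com` stays unblocked even though its parent host is listed, which is why such a list needs the regular refresh mentioned in the post.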

Waterdragon 27.09.2012 15:08

Hi!

Yes, my system seems to be OK. No complaints from virus scanners and no other problems either.

So that means my system is now clean - not just the Windows drive but also the data partitions?

Regards,
Waterdragon

cosinus 27.09.2012 16:34

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on "Bereinigung" (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update your PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

