Trojaner-Board


BösesM 18.09.2012 21:04

New tab opens with "searchsafer" in Firefox
 
Hello everyone,
A few days ago I downloaded something from Softonic and picked up chatzum and searchsafer that way, only in Firefox; IE works normally.
But in Firefox, every new tab opens "searchsafer" instead of Google. (I have already read through various forums.)
I have tried various things: deleted it manually, uninstalled and reinstalled Firefox, and so on.
With the help of Malwarebytes I was able to delete it, but then every time my PC started I got a RunDLL warning that OpenCandy OCBrowserHelper could not be found. I was advised to do a restore to an earlier point in time. I did that, and now searchsafer is back in Firefox...
Can someone please help me remove this thing?

cosinus 19.09.2012 19:45

Quote:

A few days ago I downloaded something from Softonic
Junk-laden software from Softonic seems to be very much in fashion right now! :stirn:

Stay away from Softonic!! :pfui:

Softonic is a toolbar and adware slinger! Stay away! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do.

Quote:

With the help of Malwarebytes I was able to delete it,
Without the logs from Malwarebytes and co., this is going nowhere. :glaskugel:
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

BösesM 20.09.2012 03:28

This is the log from that evening... I deleted all entries with "chatzum" and "searchsafer" from the registry.


Code:

# AdwCleaner v2.002 - Datei am 09/18/2012 um 22:32:15 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\Users\Jasmin\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKU\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "search.chatzum.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("id_chatzum.firstlaunch", "0");
Gefunden : user_pref("id_chatzum.guid", "%7B53FEAE48-A30E-E97F-8C2E-BC769C631BA9%7D");
Gefunden : user_pref("id_chatzum.hiddenvisual", 0);
Gefunden : user_pref("id_chatzum.openSearchEngineName", "Search%20Safer");
Gefunden : user_pref("id_chatzum.searchengine", "Google");
Gefunden : user_pref("id_chatzum.variables.SVar1", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar10", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar2", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar3", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar4", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar5", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar6", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar7", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar8", "%13");
Gefunden : user_pref("id_chatzum.variables.SVar9", "%13");
Gefunden : user_pref("id_chatzum.variables.Var1", "0");
Gefunden : user_pref("id_chatzum.variables.Var10", "0");
Gefunden : user_pref("id_chatzum.variables.Var2", "0");
Gefunden : user_pref("id_chatzum.variables.Var3", "0");
Gefunden : user_pref("id_chatzum.variables.Var4", "0");
Gefunden : user_pref("id_chatzum.variables.Var5", "0");
Gefunden : user_pref("id_chatzum.variables.Var6", "0");
Gefunden : user_pref("id_chatzum.variables.Var7", "0");
Gefunden : user_pref("id_chatzum.variables.Var8", "0");
Gefunden : user_pref("id_chatzum.variables.Var9", "0");
Gefunden : user_pref("id_chatzum_installed_version", "1.0.17");
Gefunden : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [17374 octets] - [18/09/2012 03:59:04]
AdwCleaner[S2].txt - [1079 octets] - [18/09/2012 16:56:34]
AdwCleaner[R4].txt - [16429 octets] - [18/09/2012 22:32:15]

########## EOF - C:\AdwCleaner[R4].txt - [16490 octets] ##########

After this, every time the PC started I got a RunDLL error message that OpenCandy is not available. I went back to an earlier restore point, the virus was back again, I put it into quarantine with Malwarebytes and edited the registry manually, then ran adwcleaner.

Code:

# AdwCleaner v2.002 - Datei am 09/18/2012 um 03:59:04 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Windows\Tasks\OpenCandyHelper.job
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Jasmin\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce-4ba4-b941-8a8c4eb63464&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\prefs.js

C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("id_chatzum.firstlaunch", "0");
Gelöscht : user_pref("id_chatzum.guid", "%7B53FEAE48-A30E-E97F-8C2E-BC769C631BA9%7D");
Gelöscht : user_pref("id_chatzum.hiddenvisual", 0);
Gelöscht : user_pref("id_chatzum.openSearchEngineName", "Search%20Safer");
Gelöscht : user_pref("id_chatzum.searchengine", "Google");
Gelöscht : user_pref("id_chatzum.variables.SVar1", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar10", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar2", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar3", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar4", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar5", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar6", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar7", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar8", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar9", "%13");
Gelöscht : user_pref("id_chatzum.variables.Var1", "0");
Gelöscht : user_pref("id_chatzum.variables.Var10", "0");
Gelöscht : user_pref("id_chatzum.variables.Var2", "0");
Gelöscht : user_pref("id_chatzum.variables.Var3", "0");
Gelöscht : user_pref("id_chatzum.variables.Var4", "0");
Gelöscht : user_pref("id_chatzum.variables.Var5", "0");
Gelöscht : user_pref("id_chatzum.variables.Var6", "0");
Gelöscht : user_pref("id_chatzum.variables.Var7", "0");
Gelöscht : user_pref("id_chatzum.variables.Var8", "0");
Gelöscht : user_pref("id_chatzum.variables.Var9", "0");
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.17");
Gelöscht : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1ea0a65c-60ce[...]

*************************

AdwCleaner[R1].txt - [16432 octets] - [18/09/2012 03:56:35]
AdwCleaner[R2].txt - [16493 octets] - [18/09/2012 03:58:02]
AdwCleaner[S1].txt - [17345 octets] - [18/09/2012 03:59:04]

########## EOF - C:\AdwCleaner[S1].txt - [17406 octets] ##########


Malwarebytes log from today:

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Deaktiviert

20.09.2012 04:18:37
mbam-log-2012-09-20 (04-18-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221544
Laufzeit: 6 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


AdwCleaner from today:

Code:

# AdwCleaner v2.002 - Datei am 09/20/2012 um 04:26:58 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1079 octets] - [18/09/2012 16:56:34]
AdwCleaner[R4].txt - [16462 octets] - [18/09/2012 22:32:15]
AdwCleaner[R5].txt - [15266 octets] - [18/09/2012 23:13:54]
AdwCleaner[R6].txt - [14488 octets] - [18/09/2012 23:34:12]
AdwCleaner[R7].txt - [1171 octets] - [20/09/2012 04:26:58]

########## EOF - C:\AdwCleaner[R7].txt - [1231 octets] ##########


cosinus 20.09.2012 14:44

Great, a Malwarebytes log without any findings, so now I know exactly what it found and removed!

BösesM 21.09.2012 00:17

Oh sorry, this is what it found:

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Deaktiviert

18.09.2012 19:42:35
mbam-log-2012-09-18 (19-42-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223308
Laufzeit: 15 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Jasmin\AppData\Local\Temp\Shortcut_sweetimsetup.exe (Adware.Sweetim.Force) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jasmin\Downloads\VLCVideoConverterSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 21.09.2012 14:58

And those are now really all the logs from Malwarebytes?

BösesM 21.09.2012 19:30

Yes, those are all of them. I have the Malwarebytes one showing what it found three times, exactly identical!

cosinus 21.09.2012 21:58


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

BösesM 24.09.2012 23:48

First of all, sorry that I'm only replying now; I wasn't home over the weekend. I have now run ESET (antivirus program + firewall disabled). Here is the result:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=db6e60e114861d44896625e09e69415c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 10:42:40
# local_time=2012-09-25 12:42:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 29734988 29734988 0 0
# compatibility_mode=5893 16776573 100 94 10668 100145225 0 0
# compatibility_mode=8192 67108863 100 0 201 201 0 0
# scanned=304275
# found=1
# cleaned=0
# scan_time=11205
C:\Users\Jasmin\Downloads\Progs\asc-setup.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I


cosinus 25.09.2012 12:06

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = consecutive number).

BösesM 25.09.2012 18:23

Downloaded again and run. Log:

Code:

# AdwCleaner v2.003 - Datei am 09/25/2012 um 19:22:46 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1079 octets] - [18/09/2012 16:56:34]
AdwCleaner[R4].txt - [16462 octets] - [18/09/2012 22:32:15]
AdwCleaner[R5].txt - [15266 octets] - [18/09/2012 23:13:54]
AdwCleaner[R6].txt - [14488 octets] - [18/09/2012 23:34:12]
AdwCleaner[R7].txt - [1300 octets] - [20/09/2012 04:26:58]
AdwCleaner[R8].txt - [1229 octets] - [25/09/2012 19:22:46]

########## EOF - C:\AdwCleaner[R8].txt - [1289 octets] ##########


cosinus 25.09.2012 19:52

I have three questions before we continue (we are not done yet!)

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups and redirects, e.g. Incredibar or Mystart, gone now?

BösesM 26.09.2012 20:47

Normal mode has worked so far without problems or error messages. Everything also seems OK under the programs; I don't notice anything missing, and there are no empty folders. The redirect to searchsafer when opening a new tab, and the Chatzum message, no longer appear (that was already gone after I had deleted everything from the registry).
I just somehow have the feeling that everything runs a tad slower than before...

cosinus 27.09.2012 15:41

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


BösesM 29.09.2012 00:50

Here is the log:

OTL Logfile:
Code:

OTL logfile created on: 29.09.2012 01:10:51 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,64% Memory free
7,99 Gb Paging File | 5,41 Gb Available in Paging File | 67,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,21 Gb Total Space | 423,36 Gb Free Space | 72,72% Space Free | Partition Type: NTFS
Drive D: | 13,67 Gb Total Space | 2,27 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 96,77 Mb Free Space | 97,42% Space Free | Partition Type: FAT32
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.28 22:01:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
PRC - [2012.09.25 11:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 02:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.31 02:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.31 02:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.08.08 22:59:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.03 20:52:09 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.05.08 20:09:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:09:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.09.17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010.09.17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2009.10.06 23:56:44 | 000,415,016 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 11:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 11:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2012.09.19 10:13:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.09.19 10:11:46 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.09.19 01:22:55 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.09.19 01:15:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ce183c1bf9fef5fd29cddc5a86878be\System.Runtime.Remoting.ni.dll
MOD - [2012.09.19 01:13:51 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.09.18 20:38:56 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.09.18 20:38:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.09.18 20:38:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.09.18 20:38:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.09.18 20:38:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.09.18 20:38:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.09.18 20:38:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.09.18 20:33:42 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.09.18 20:33:33 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.09.18 20:33:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.09.18 20:33:02 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.09.18 20:32:44 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.09.18 20:32:33 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.09.18 20:32:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.09.18 20:32:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.09.18 20:32:19 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.09.18 20:32:11 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.09.18 20:32:05 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.09.05 00:32:36 | 000,115,137 | ---- | M] () -- C:\Users\Jasmin\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012.08.31 02:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.03 20:52:09 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.08.20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.11.20 15:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010.11.20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.08.05 06:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012.09.11 22:14:41 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 20:52:09 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:09:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:09:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.09.17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010.09.17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.31 12:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.31 12:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 20:09:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:09:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.09.21 20:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.05 07:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 09:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{04B91443-1094-4E6F-9502-58F3AB55E03C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\SearchScopes\{67874597-9748-4BBF-9160-CE8173F1392D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: fmconverter@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.18 19:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 21:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2010.08.20 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions
[2012.09.14 07:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\354o56dh.default\extensions
[2012.09.25 19:07:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-1.xml
[2011.09.12 23:14:07 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-10.xml
[2011.09.28 18:13:31 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-11.xml
[2011.10.06 16:15:06 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-12.xml
[2011.11.10 04:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-13.xml
[2011.11.11 17:05:33 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-14.xml
[2011.12.03 17:34:34 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-15.xml
[2011.12.25 07:07:01 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-16.xml
[2012.01.07 13:16:52 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-17.xml
[2012.02.03 18:23:17 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-18.xml
[2012.02.11 23:52:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-19.xml
[2011.03.24 18:16:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-2.xml
[2012.02.19 15:23:27 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-20.xml
[2012.03.08 20:41:39 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-21.xml
[2012.03.29 14:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-22.xml
[2011.04.30 04:06:56 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-3.xml
[2011.05.22 19:02:20 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-4.xml
[2011.06.24 05:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-5.xml
[2011.08.01 16:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-6.xml
[2011.08.17 02:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-7.xml
[2011.08.22 21:09:18 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-8.xml
[2011.09.06 11:58:57 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin.xml
[2012.09.26 23:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 23:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.18 19:32:46 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000..\Run: [Facebook Update] C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2603F0B0-C40E-4B37-A3C5-35033A78188E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell - "" = AutoRun
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 22:01:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.09.26 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.26 23:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.26 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.25 01:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Pier
[2012.09.25 00:59:35 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Deutschrockparty Dragonspeed Gillenfeld
[2012.09.24 21:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.24 21:32:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.09.21 09:18:34 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\Documents\Freemake_do_not_remove_this_folder634838159143901493
[2012.09.21 04:33:36 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\Documents\Freemake_do_not_remove_this_folder634837988160371794
[2012.09.20 02:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\AVS4YOU
[2012.09.18 21:44:12 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\ESET
[2012.09.18 21:44:12 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\ESET
[2012.09.18 21:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.18 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.18 19:38:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.18 17:50:42 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Google
[2012.09.18 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
[2012.09.18 17:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.09.18 17:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 17:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.18 02:21:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.09.18 02:21:56 | 000,000,000 | ---D | C] -- C:\Windows\rundl132.dll
[2012.09.18 02:21:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.09.18 01:24:50 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2012.09.18 01:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 23:26:31 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\Documents\Freemake_do_not_remove_this_folder634832619913156298
[2012.09.14 07:59:26 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\Documents\Freemake_do_not_remove_this_folder
[2012.09.14 07:59:09 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Freemake
[2012.09.14 07:59:07 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.09.14 07:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.09.14 07:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.09.14 07:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012.09.14 06:58:20 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\WinParam
[2012.09.14 06:58:15 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Videos
[2012.09.14 06:58:05 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\KastorTubeToMp3
[2012.09.14 06:51:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Abelssoft
[2012.09.12 05:18:52 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\FreeCDRipper
[2012.09.12 03:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.09.11 23:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.09.11 23:28:47 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2012.09.11 23:28:47 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2012.09.11 23:28:47 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2012.09.11 23:28:47 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2012.09.11 23:28:47 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2012.09.11 23:28:47 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2012.09.11 23:28:47 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2012.09.11 23:28:47 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2012.09.11 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\FreeAudioPack
[2012.09.11 23:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2012.09.06 22:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
[2012.09.06 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2012.09.06 22:14:01 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.09.06 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Paint.NET
[2012.09.05 00:31:48 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.09.05 00:31:48 | 000,102,240 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.09.04 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Neu
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.29 01:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 23:24:02 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job
[2012.09.28 23:24:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job
[2012.09.28 22:01:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.09.28 04:07:54 | 001,780,064 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 04:07:54 | 000,772,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 04:07:54 | 000,714,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 04:07:54 | 000,174,590 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 04:07:54 | 000,142,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.28 04:07:44 | 001,780,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 03:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 00:08:19 | 000,092,812 | ---- | M] () -- C:\Users\Jasmin\Desktop\487235_254387538011473_1194500202_n.jpg
[2012.09.26 23:32:18 | 000,001,318 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.09.26 21:11:08 | 000,098,577 | ---- | M] () -- C:\Users\Jasmin\Desktop\564292_506773879350642_1087471245_n.jpg
[2012.09.26 18:43:18 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 18:43:18 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 18:33:38 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.25 19:22:17 | 000,513,501 | ---- | M] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.09.24 21:32:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.09.21 01:09:50 | 000,307,764 | ---- | M] () -- C:\Users\Jasmin\Desktop\titel-deutschrock.jpg
[2012.09.18 21:16:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.18 19:32:50 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012.09.18 02:29:11 | 000,357,316 | ---- | M] () -- C:\Users\Jasmin\Documents\pinfect.zip
[2012.09.14 22:31:26 | 001,630,970 | ---- | M] () -- C:\Users\Jasmin\Desktop\Ich wohn jetz nicht mehr hier.mp3
[2012.09.14 07:00:08 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.09.13 02:02:46 | 000,001,338 | ---- | M] () -- C:\Users\Jasmin\Desktop\My Mucke - Verknüpfung.lnk
[2012.09.11 23:28:49 | 000,001,314 | ---- | M] () -- C:\Users\Jasmin\Desktop\Easy Audio Cutter.lnk
[2012.09.11 23:28:49 | 000,001,296 | ---- | M] () -- C:\Users\Jasmin\Desktop\Free Mp3 Wma Converter.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 22:15:03 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Dir-It!.lnk
[2012.09.05 15:17:00 | 004,001,623 | ---- | M] () -- C:\Users\Jasmin\Desktop\Farbe in mein Herz-Demo.mp3
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 00:08:18 | 000,092,812 | ---- | C] () -- C:\Users\Jasmin\Desktop\487235_254387538011473_1194500202_n.jpg
[2012.09.26 21:11:06 | 000,098,577 | ---- | C] () -- C:\Users\Jasmin\Desktop\564292_506773879350642_1087471245_n.jpg
[2012.09.25 19:22:10 | 000,513,501 | ---- | C] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.09.21 01:09:50 | 000,307,764 | ---- | C] () -- C:\Users\Jasmin\Desktop\titel-deutschrock.jpg
[2012.09.18 21:16:51 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.18 21:16:51 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.14 22:31:24 | 001,630,970 | ---- | C] () -- C:\Users\Jasmin\Desktop\Ich wohn jetz nicht mehr hier.mp3
[2012.09.14 07:59:06 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012.09.14 06:58:39 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.09.13 01:09:11 | 000,001,338 | ---- | C] () -- C:\Users\Jasmin\Desktop\My Mucke - Verknüpfung.lnk
[2012.09.11 23:28:49 | 000,001,314 | ---- | C] () -- C:\Users\Jasmin\Desktop\Easy Audio Cutter.lnk
[2012.09.11 23:28:49 | 000,001,296 | ---- | C] () -- C:\Users\Jasmin\Desktop\Free Mp3 Wma Converter.lnk
[2012.09.11 23:28:47 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.09.11 23:28:47 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.09.06 22:15:03 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Dir-It!.lnk
[2012.09.05 15:16:59 | 004,001,623 | ---- | C] () -- C:\Users\Jasmin\Desktop\Farbe in mein Herz-Demo.mp3
[2012.08.09 03:59:41 | 000,000,196 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\default.rss
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.12 21:09:43 | 000,776,880 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\tmpJASMIN_GROß (36 VON 36).JPG
[2012.06.12 21:09:14 | 004,833,884 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\tmpJASMIN_GROß (36 VON 36).0
[2011.05.06 01:38:52 | 000,103,398 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\tmp3D_029.JPG
[2011.01.23 17:30:17 | 000,001,854 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\GhostObjGAFix.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.06 03:54:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Amazon
[2010.09.17 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Canon
[2012.05.13 00:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.09.14 07:45:15 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoft
[2012.09.18 21:44:12 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ESET
[2012.09.11 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FreeAudioPack
[2012.09.12 05:18:55 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FreeCDRipper
[2012.09.28 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ICQ
[2012.07.03 20:52:19 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ICQ Search
[2011.09.18 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\IObit
[2011.07.29 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\IrfanView
[2012.09.14 06:58:15 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\KastorTubeToMp3
[2012.08.02 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\mp3DirectCut
[2011.04.07 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mumble
[2012.05.25 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nokia
[2012.02.05 01:45:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nokia Suite
[2012.07.05 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PC Suite
[2012.07.27 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Samsung
[2010.09.11 12:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Softland
[2012.09.18 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\streamripper
[2011.10.03 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.09.26 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\TS3Client
[2010.09.06 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WildTangent
[2012.09.14 06:58:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WinParam
[2012.06.12 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.13 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.07.06 03:54:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Amazon
[2010.08.20 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ATI
[2011.10.16 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Avira
[2012.09.18 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\AVS4YOU
[2010.09.17 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Canon
[2012.05.13 00:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.08.18 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\CyberLink
[2010.10.12 23:48:08 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DivX
[2012.09.14 07:45:15 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\DVDVideoSoft
[2012.09.18 21:44:12 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ESET
[2012.09.11 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FreeAudioPack
[2012.09.12 05:18:55 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\FreeCDRipper
[2010.08.20 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Hewlett-Packard
[2010.08.20 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\HP Support Assistant
[2011.01.22 18:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\hpqlog
[2010.08.20 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\HpUpdate
[2012.09.28 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ICQ
[2012.07.03 20:52:19 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\ICQ Search
[2010.08.20 12:10:24 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2011.09.18 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\IObit
[2011.07.29 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\IrfanView
[2012.09.14 06:58:15 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\KastorTubeToMp3
[2010.08.20 12:50:02 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.09.18 01:24:50 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2010.03.20 11:20:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.07.18 21:31:53 | 000,000,000 | --SD | M] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2010.08.20 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2012.08.02 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\mp3DirectCut
[2011.04.07 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mumble
[2010.09.07 14:16:16 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nero
[2012.05.25 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nokia
[2012.02.05 01:45:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nokia Suite
[2012.07.05 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PC Suite
[2012.07.27 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Samsung
[2012.08.31 02:43:19 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Skype
[2010.09.11 12:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Softland
[2012.09.18 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\streamripper
[2012.09.18 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.04 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\teamspeak2
[2011.10.03 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.09.26 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\TS3Client
[2012.08.21 23:01:32 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\vlc
[2010.09.06 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WildTangent
[2012.09.28 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Winamp
[2012.09.14 06:58:20 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WinParam
[2010.08.29 22:19:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WinRAR
[2012.06.12 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.05.13 00:30:04 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jasmin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.13 00:30:02 | 014,852,504 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jasmin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.07.16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.07.16 13:23:58 | 000,278,968 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.06.26 16:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.07.16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.06.26 16:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.06.26 16:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.07.16 13:19:36 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.07.16 13:24:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 16:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 16:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.16 13:24:04 | 000,183,736 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.16 13:24:06 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.07.16 13:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2012.06.26 16:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.08.31 02:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.08.28 03:06:22 | 000,291,840 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2012.08.31 02:52:14 | 000,278,968 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.08.28 03:06:22 | 000,320,512 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.08.31 02:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.08.28 03:05:28 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.08.28 03:05:28 | 000,322,048 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.08.28 03:05:32 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.08.31 02:52:18 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.08.28 03:05:28 | 000,057,344 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2012.08.28 03:05:14 | 000,106,960 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.08.28 03:05:14 | 000,101,328 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.08.31 02:52:20 | 000,183,736 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.08.31 02:52:22 | 000,021,432 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.08.31 02:52:24 | 003,765,256 | ---- | M] (Freeware) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.08.31 02:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2012.08.28 03:04:28 | 024,177,352 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.16 13:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.08.31 02:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Jasmin\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus 01.10.2012 09:04

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[2012.09.25 19:07:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-1.xml
[2011.09.12 23:14:07 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-10.xml
[2011.09.28 18:13:31 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-11.xml
[2011.10.06 16:15:06 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-12.xml
[2011.11.10 04:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-13.xml
[2011.11.11 17:05:33 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-14.xml
[2011.12.03 17:34:34 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-15.xml
[2011.12.25 07:07:01 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-16.xml
[2012.01.07 13:16:52 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-17.xml
[2012.02.03 18:23:17 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-18.xml
[2012.02.11 23:52:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-19.xml
[2011.03.24 18:16:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-2.xml
[2012.02.19 15:23:27 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-20.xml
[2012.03.08 20:41:39 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-21.xml
[2012.03.29 14:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-22.xml
[2011.04.30 04:06:56 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-3.xml
[2011.05.22 19:02:20 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-4.xml
[2011.06.24 05:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-5.xml
[2011.08.01 16:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-6.xml
[2011.08.17 02:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-7.xml
[2011.08.22 21:09:18 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-8.xml
[2011.09.06 11:58:57 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell - "" = AutoRun
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
:Files
C:\Users\Jasmin\Documents\pinfect.zip
C:\Users\Jasmin\Downloads\Progs\asc-setup.exe
C:\Windows\rundll16.exe
C:\Windows\rundl132.dll
C:\Windows\logo1_.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

BösesM 01.10.2012 21:09

So, here is the log from the OTL fix:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
File G:\MotoCastSetup.exe -a not found.
========== FILES ==========
C:\Users\Jasmin\Documents\pinfect.zip moved successfully.
C:\Users\Jasmin\Downloads\Progs\asc-setup.exe moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\rundl132.dll folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jasmin\Desktop\PC\Trojanerboard-prog\cmd.bat deleted successfully.
C:\Users\Jasmin\Desktop\PC\Trojanerboard-prog\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jasmin
->Temp folder emptied: 242064130 bytes
->Temporary Internet Files folder emptied: 10672444 bytes
->Java cache emptied: 908713 bytes
->FireFox cache emptied: 1110935163 bytes
->Google Chrome cache emptied: 6163291 bytes
->Flash cache emptied: 14918206 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 473077 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2320896 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1515803563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 1490038015 bytes
 
Total Files Cleaned = 4.191,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10012012_214436

Files\Folders moved on Reboot...
C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\300x250iframeintlv2[2].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\AdDisplayTrackerServlet[6].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\addons-tracker-v4[1].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\cms-2-frame[2].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\pd[3].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYUMU20E\AdDisplayTrackerServlet[6].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\AdDisplayTrackerServlet[7].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\adTagInfo[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\emily[1].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\index[1].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\Pug[3].gif moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\addons-v4[3].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\dppix[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\freq[3].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\g_u_if_c[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\pd[1].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\syncuppixels[2].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 02.10.2012 14:40

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the image below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

BösesM 02.10.2012 16:48

TDSS-Killer log:

Code:

17:44:04.0913 6016  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:44:05.0116 6016  ============================================================
17:44:05.0116 6016  Current date / time: 2012/10/02 17:44:05.0116
17:44:05.0116 6016  SystemInfo:
17:44:05.0116 6016 
17:44:05.0116 6016  OS Version: 6.1.7601 ServicePack: 1.0
17:44:05.0116 6016  Product type: Workstation
17:44:05.0116 6016  ComputerName: JASMIN-PC
17:44:05.0116 6016  UserName: Jasmin
17:44:05.0116 6016  Windows directory: C:\Windows
17:44:05.0116 6016  System windows directory: C:\Windows
17:44:05.0116 6016  Running under WOW64
17:44:05.0116 6016  Processor architecture: Intel x64
17:44:05.0116 6016  Number of processors: 2
17:44:05.0116 6016  Page size: 0x1000
17:44:05.0116 6016  Boot type: Normal boot
17:44:05.0116 6016  ============================================================
17:44:06.0410 6016  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:06.0410 6016  ============================================================
17:44:06.0410 6016  \Device\Harddisk0\DR0:
17:44:06.0410 6016  MBR partitions:
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48C6A800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48CCE800, BlocksNum 0x1B55800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
17:44:06.0410 6016  ============================================================
17:44:06.0426 6016  C: <-> \Device\Harddisk0\DR0\Partition2
17:44:06.0488 6016  D: <-> \Device\Harddisk0\DR0\Partition3
17:44:06.0504 6016  E: <-> \Device\Harddisk0\DR0\Partition4
17:44:06.0504 6016  ============================================================
17:44:06.0504 6016  Initialize success
17:44:06.0504 6016  ============================================================
17:45:03.0191 3080  ============================================================
17:45:03.0191 3080  Scan started
17:45:03.0191 3080  Mode: Manual; SigCheck; TDLFS;
17:45:03.0191 3080  ============================================================
17:45:04.0626 3080  ================ Scan system memory ========================
17:45:04.0626 3080  System memory - ok
17:45:04.0626 3080  ================ Scan services =============================
17:45:04.0829 3080  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:45:04.0954 3080  1394ohci - ok
17:45:05.0001 3080  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer  C:\Windows\system32\DRIVERS\Accelerometer.sys
17:45:05.0063 3080  Accelerometer - ok
17:45:05.0110 3080  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:45:05.0141 3080  ACPI - ok
17:45:05.0188 3080  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
17:45:05.0281 3080  AcpiPmi - ok
17:45:05.0437 3080  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:05.0469 3080  AdobeFlashPlayerUpdateSvc - ok
17:45:05.0531 3080  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
17:45:05.0562 3080  adp94xx - ok
17:45:05.0609 3080  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
17:45:05.0625 3080  adpahci - ok
17:45:05.0640 3080  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
17:45:05.0656 3080  adpu320 - ok
17:45:05.0687 3080  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:45:05.0890 3080  AeLookupSvc - ok
17:45:06.0015 3080  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
17:45:06.0093 3080  AESTFilters - ok
17:45:06.0155 3080  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
17:45:06.0217 3080  AFD - ok
17:45:06.0280 3080  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
17:45:06.0405 3080  AgereSoftModem - ok
17:45:06.0451 3080  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:45:06.0467 3080  agp440 - ok
17:45:06.0498 3080  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
17:45:06.0576 3080  ALG - ok
17:45:06.0623 3080  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:45:06.0654 3080  aliide - ok
17:45:06.0701 3080  [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:45:06.0748 3080  AMD External Events Utility - ok
17:45:06.0795 3080  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:45:06.0810 3080  amdide - ok
17:45:06.0841 3080  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
17:45:06.0904 3080  AmdK8 - ok
17:45:06.0951 3080  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:45:06.0997 3080  AmdPPM - ok
17:45:07.0029 3080  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
17:45:07.0044 3080  amdsata - ok
17:45:07.0091 3080  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:45:07.0122 3080  amdsbs - ok
17:45:07.0122 3080  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:45:07.0138 3080  amdxata - ok
17:45:07.0278 3080  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:45:07.0309 3080  AntiVirSchedulerService - ok
17:45:07.0387 3080  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:45:07.0387 3080  AntiVirService - ok
17:45:07.0481 3080  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:45:07.0543 3080  AppHostSvc - ok
17:45:07.0590 3080  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
17:45:07.0809 3080  AppID - ok
17:45:07.0840 3080  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:45:07.0933 3080  AppIDSvc - ok
17:45:07.0980 3080  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
17:45:08.0058 3080  Appinfo - ok
17:45:08.0136 3080  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
17:45:08.0167 3080  arc - ok
17:45:08.0167 3080  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:45:08.0183 3080  arcsas - ok
17:45:08.0323 3080  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:45:08.0401 3080  aspnet_state - ok
17:45:08.0433 3080  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:45:08.0526 3080  AsyncMac - ok
17:45:08.0557 3080  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
17:45:08.0589 3080  atapi - ok
17:45:08.0667 3080  [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:45:08.0760 3080  athr - ok
17:45:08.0823 3080  [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:45:08.0854 3080  AtiHdmiService - ok
17:45:09.0010 3080  [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:45:09.0197 3080  atikmdag - ok
17:45:09.0228 3080  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
17:45:09.0244 3080  AtiPcie - ok
17:45:09.0306 3080  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:45:09.0415 3080  AudioEndpointBuilder - ok
17:45:09.0447 3080  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:45:09.0493 3080  AudioSrv - ok
17:45:09.0540 3080  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:45:09.0571 3080  avgntflt - ok
17:45:09.0587 3080  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:45:09.0618 3080  avipbb - ok
17:45:09.0634 3080  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:45:09.0649 3080  avkmgr - ok
17:45:09.0712 3080  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:45:09.0821 3080  AxInstSV - ok
17:45:09.0915 3080  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
17:45:09.0993 3080  b06bdrv - ok
17:45:10.0024 3080  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:45:10.0086 3080  b57nd60a - ok
17:45:10.0164 3080  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc          C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:45:10.0211 3080  BBSvc - ok
17:45:10.0273 3080  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:45:10.0305 3080  BBUpdate - ok
17:45:10.0320 3080  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:45:10.0351 3080  BDESVC - ok
17:45:10.0398 3080  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:45:10.0476 3080  Beep - ok
17:45:10.0554 3080  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
17:45:10.0632 3080  BFE - ok
17:45:10.0710 3080  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:45:10.0788 3080  BITS - ok
17:45:10.0835 3080  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:45:10.0866 3080  blbdrive - ok
17:45:10.0897 3080  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:45:10.0929 3080  bowser - ok
17:45:10.0960 3080  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:45:11.0038 3080  BrFiltLo - ok
17:45:11.0069 3080  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:45:11.0085 3080  BrFiltUp - ok
17:45:11.0116 3080  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
17:45:11.0178 3080  Browser - ok
17:45:11.0209 3080  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:45:11.0256 3080  Brserid - ok
17:45:11.0287 3080  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:45:11.0334 3080  BrSerWdm - ok
17:45:11.0365 3080  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:45:11.0412 3080  BrUsbMdm - ok
17:45:11.0428 3080  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:45:11.0459 3080  BrUsbSer - ok
17:45:11.0490 3080  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:45:11.0537 3080  BTHMODEM - ok
17:45:11.0568 3080  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
17:45:11.0631 3080  bthserv - ok
17:45:11.0677 3080  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:45:11.0755 3080  cdfs - ok
17:45:11.0818 3080  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:45:11.0865 3080  cdrom - ok
17:45:11.0911 3080  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
17:45:11.0989 3080  CertPropSvc - ok
17:45:12.0036 3080  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:45:12.0083 3080  circlass - ok
17:45:12.0130 3080  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:45:12.0161 3080  CLFS - ok
17:45:12.0223 3080  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:45:12.0239 3080  clr_optimization_v2.0.50727_32 - ok
17:45:12.0301 3080  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:45:12.0317 3080  clr_optimization_v2.0.50727_64 - ok
17:45:12.0395 3080  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:45:12.0489 3080  clr_optimization_v4.0.30319_32 - ok
17:45:12.0520 3080  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:45:12.0551 3080  clr_optimization_v4.0.30319_64 - ok
17:45:12.0567 3080  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:45:12.0598 3080  CmBatt - ok
17:45:12.0629 3080  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:45:12.0645 3080  cmdide - ok
17:45:12.0691 3080  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
17:45:12.0723 3080  CNG - ok
17:45:12.0801 3080  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:45:12.0832 3080  Com4QLBEx - ok
17:45:12.0847 3080  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:45:12.0863 3080  Compbatt - ok
17:45:12.0910 3080  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:45:12.0972 3080  CompositeBus - ok
17:45:12.0988 3080  COMSysApp - ok
17:45:13.0019 3080  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
17:45:13.0019 3080  crcdisk - ok
17:45:13.0081 3080  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:45:13.0144 3080  CryptSvc - ok
17:45:13.0206 3080  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:45:13.0284 3080  DcomLaunch - ok
17:45:13.0331 3080  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
17:45:13.0425 3080  defragsvc - ok
17:45:13.0471 3080  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:45:13.0549 3080  DfsC - ok
17:45:13.0627 3080  [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
17:45:13.0659 3080  dg_ssudbus - ok
17:45:13.0721 3080  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:45:13.0799 3080  Dhcp - ok
17:45:13.0846 3080  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:45:13.0893 3080  discache - ok
17:45:13.0924 3080  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:45:13.0939 3080  Disk - ok
17:45:13.0971 3080  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:45:14.0033 3080  Dnscache - ok
17:45:14.0080 3080  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:45:14.0158 3080  dot3svc - ok
17:45:14.0205 3080  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
17:45:14.0267 3080  DPS - ok
17:45:14.0314 3080  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:45:14.0361 3080  drmkaud - ok
17:45:14.0407 3080  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:45:14.0439 3080  DXGKrnl - ok
17:45:14.0470 3080  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
17:45:14.0548 3080  EapHost - ok
17:45:14.0657 3080  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
17:45:14.0813 3080  ebdrv - ok
17:45:14.0860 3080  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
17:45:14.0891 3080  EFS - ok
17:45:15.0000 3080  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:45:15.0094 3080  ehRecvr - ok
17:45:15.0125 3080  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
17:45:15.0172 3080  ehSched - ok
17:45:15.0219 3080  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
17:45:15.0250 3080  elxstor - ok
17:45:15.0281 3080  [ 524C79054636D2E5751169005006460B ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
17:45:15.0328 3080  enecir - ok
17:45:15.0375 3080  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:45:15.0421 3080  ErrDev - ok
17:45:15.0468 3080  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
17:45:15.0499 3080  EventSystem - ok
17:45:15.0531 3080  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
17:45:15.0562 3080  exfat - ok
17:45:15.0593 3080  ezSharedSvc - ok
17:45:15.0609 3080  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:45:15.0655 3080  fastfat - ok
17:45:15.0733 3080  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
17:45:15.0811 3080  Fax - ok
17:45:15.0827 3080  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:45:15.0843 3080  fdc - ok
17:45:15.0874 3080  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:45:15.0967 3080  fdPHost - ok
17:45:15.0983 3080  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:45:16.0030 3080  FDResPub - ok
17:45:16.0061 3080  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:45:16.0077 3080  FileInfo - ok
17:45:16.0092 3080  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:45:16.0123 3080  Filetrace - ok
17:45:16.0233 3080  [ 1A18EBD87AA9FBF6EFE8CFADA08D0275 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
17:45:16.0233 3080  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
17:45:16.0233 3080  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
17:45:16.0342 3080  [ 53C740150C082AAF3C7D21C1D6A9FF98 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
17:45:16.0498 3080  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
17:45:16.0498 3080  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
17:45:16.0529 3080  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:45:16.0560 3080  flpydisk - ok
17:45:16.0591 3080  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:45:16.0607 3080  FltMgr - ok
17:45:16.0669 3080  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
17:45:16.0779 3080  FontCache - ok
17:45:16.0841 3080  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:45:16.0872 3080  FontCache3.0.0.0 - ok
17:45:16.0888 3080  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:45:16.0903 3080  FsDepends - ok
17:45:16.0935 3080  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:45:16.0966 3080  Fs_Rec - ok
17:45:17.0013 3080  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:45:17.0028 3080  fvevol - ok
17:45:17.0075 3080  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:45:17.0091 3080  gagp30kx - ok
17:45:17.0153 3080  [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
17:45:17.0184 3080  GameConsoleService - ok
17:45:17.0247 3080  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
17:45:17.0340 3080  gpsvc - ok
17:45:17.0465 3080  [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru  C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
17:45:17.0527 3080  Guard.Mail.ru - ok
17:45:17.0559 3080  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:45:17.0605 3080  hcw85cir - ok
17:45:17.0637 3080  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:45:17.0683 3080  HdAudAddService - ok
17:45:17.0715 3080  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:45:17.0746 3080  HDAudBus - ok
17:45:17.0777 3080  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
17:45:17.0808 3080  HidBatt - ok
17:45:17.0855 3080  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:45:17.0902 3080  HidBth - ok
17:45:17.0964 3080  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
17:45:18.0027 3080  HidIr - ok
17:45:18.0073 3080  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
17:45:18.0167 3080  hidserv - ok
17:45:18.0229 3080  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:45:18.0261 3080  HidUsb - ok
17:45:18.0292 3080  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:45:18.0370 3080  hkmsvc - ok
17:45:18.0417 3080  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:45:18.0463 3080  HomeGroupListener - ok
17:45:18.0495 3080  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:45:18.0526 3080  HomeGroupProvider - ok
17:45:18.0604 3080  [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:45:18.0635 3080  HP Support Assistant Service - ok
17:45:18.0682 3080  [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:45:18.0713 3080  HPDrvMntSvc.exe - ok
17:45:18.0744 3080  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
17:45:18.0744 3080  hpdskflt - ok
17:45:18.0791 3080  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:45:18.0853 3080  HpqKbFiltr - ok
17:45:18.0916 3080  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:45:18.0947 3080  hpqwmiex - ok
17:45:19.0009 3080  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:45:19.0025 3080  HpSAMD - ok
17:45:19.0056 3080  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv          C:\Windows\system32\Hpservice.exe
17:45:19.0056 3080  hpsrv - ok
17:45:19.0134 3080  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:45:19.0228 3080  HTTP - ok
17:45:19.0259 3080  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:45:19.0290 3080  hwpolicy - ok
17:45:19.0337 3080  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:45:19.0353 3080  i8042prt - ok
17:45:19.0384 3080  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:45:19.0415 3080  iaStorV - ok
17:45:19.0493 3080  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:45:19.0571 3080  idsvc - ok
17:45:19.0743 3080  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:45:19.0945 3080  igfx - ok
17:45:19.0977 3080  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
17:45:19.0977 3080  iirsp - ok
17:45:20.0023 3080  [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
17:45:20.0055 3080  IISADMIN - ok
17:45:20.0101 3080  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:45:20.0179 3080  IKEEXT - ok
17:45:20.0211 3080  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:45:20.0226 3080  intelide - ok
17:45:20.0273 3080  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:45:20.0320 3080  intelppm - ok
17:45:20.0335 3080  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:45:20.0429 3080  IPBusEnum - ok
17:45:20.0476 3080  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:45:20.0554 3080  IpFilterDriver - ok
17:45:20.0585 3080  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:45:20.0647 3080  iphlpsvc - ok
17:45:20.0679 3080  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
17:45:20.0710 3080  IPMIDRV - ok
17:45:20.0741 3080  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:45:20.0835 3080  IPNAT - ok
17:45:20.0866 3080  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:45:20.0944 3080  IRENUM - ok
17:45:20.0975 3080  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:45:20.0991 3080  isapnp - ok
17:45:21.0037 3080  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:45:21.0069 3080  iScsiPrt - ok
17:45:21.0115 3080  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:45:21.0131 3080  kbdclass - ok
17:45:21.0147 3080  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:45:21.0178 3080  kbdhid - ok
17:45:21.0193 3080  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:45:21.0209 3080  KeyIso - ok
17:45:21.0240 3080  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:45:21.0256 3080  KSecDD - ok
17:45:21.0287 3080  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:45:21.0303 3080  KSecPkg - ok
17:45:21.0334 3080  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:45:21.0381 3080  ksthunk - ok
17:45:21.0412 3080  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:45:21.0459 3080  KtmRm - ok
17:45:21.0521 3080  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:45:21.0599 3080  LanmanServer - ok
17:45:21.0661 3080  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:45:21.0739 3080  LanmanWorkstation - ok
17:45:21.0817 3080  [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:45:21.0849 3080  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:45:21.0849 3080  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:45:21.0880 3080  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:45:21.0973 3080  lltdio - ok
17:45:22.0005 3080  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:45:22.0067 3080  lltdsvc - ok
17:45:22.0083 3080  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:45:22.0129 3080  lmhosts - ok
17:45:22.0161 3080  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:45:22.0176 3080  LSI_FC - ok
17:45:22.0207 3080  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
17:45:22.0239 3080  LSI_SAS - ok
17:45:22.0254 3080  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:45:22.0270 3080  LSI_SAS2 - ok
17:45:22.0285 3080  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:45:22.0301 3080  LSI_SCSI - ok
17:45:22.0332 3080  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:45:22.0395 3080  luafv - ok
17:45:22.0426 3080  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:45:22.0473 3080  Mcx2Svc - ok
17:45:22.0519 3080  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
17:45:22.0535 3080  megasas - ok
17:45:22.0566 3080  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:45:22.0597 3080  MegaSR - ok
17:45:22.0629 3080  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
17:45:22.0707 3080  MMCSS - ok
17:45:22.0738 3080  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
17:45:22.0769 3080  Modem - ok
17:45:22.0785 3080  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:45:22.0816 3080  monitor - ok
17:45:22.0878 3080  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:45:22.0909 3080  mouclass - ok
17:45:22.0941 3080  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:45:22.0987 3080  mouhid - ok
17:45:23.0019 3080  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:45:23.0034 3080  mountmgr - ok
17:45:23.0081 3080  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:45:23.0097 3080  MozillaMaintenance - ok
17:45:23.0143 3080  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:45:23.0175 3080  mpio - ok
17:45:23.0190 3080  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:45:23.0237 3080  mpsdrv - ok
17:45:23.0284 3080  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:45:23.0346 3080  MpsSvc - ok
17:45:23.0377 3080  [ CD22D2563039DDA6793F7624719363A7 ] MQAC            C:\Windows\system32\drivers\mqac.sys
17:45:23.0440 3080  MQAC - ok
17:45:23.0487 3080  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:45:23.0549 3080  MRxDAV - ok
17:45:44.0531 3080  ============================================================
17:45:44.0531 3080  Scan finished
17:45:44.0531 3080  ============================================================
17:45:44.0547 5320  Detected object count: 3
17:45:44.0547 5320  Actual detected object count: 3
17:46:21.0609 5320  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:21.0609 5320  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:46:21.0609 5320  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 02.10.2012 19:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

BösesM 03.10.2012 21:26

How far along are we with the problem? I don't really understand any of this... is the virus gone, and did the registry take much damage from the manual deletion?

ComboFix-Log:

Combofix Logfile:
Code:

ComboFix 12-10-03.03 - Jasmin 03.10.2012  21:33:51.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4092.2760 [GMT 2:00]
ausgeführt von:: c:\users\Jasmin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jasmin\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 19:49 . 2012-10-03 19:49        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2012-10-03 19:49 . 2012-10-03 19:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-02 16:00 . 2012-10-02 16:00        --------        d-----w-        c:\program files (x86)\Guard-ICQ
2012-10-02 16:00 . 2012-10-02 16:00        --------        d-----w-        c:\program files (x86)\ICQ7M
2012-10-02 15:55 . 2012-10-02 15:55        --------        d-----w-        c:\program files (x86)\ICQ6Toolbar
2012-10-02 15:29 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C13C6F4-9C85-4C7E-BDEB-0AA83E6CF3E8}\mpengine.dll
2012-10-01 19:44 . 2012-10-01 19:44        --------        d-----w-        C:\_OTL
2012-09-26 21:47 . 2012-09-26 21:47        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-26 21:46 . 2012-09-26 21:46        --------        d-----w-        c:\program files (x86)\Java
2012-09-26 16:43 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-24 19:32 . 2012-09-24 19:32        --------        d-----w-        c:\program files (x86)\ESET
2012-09-18 19:44 . 2012-09-18 19:44        --------        d-----w-        c:\users\Jasmin\AppData\Local\ESET
2012-09-18 19:16 . 2012-09-18 19:16        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 15:50 . 2012-09-18 15:53        --------        d-----w-        c:\users\Jasmin\AppData\Local\Google
2012-09-18 15:50 . 2012-09-18 15:50        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 15:50 . 2012-09-18 15:50        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:24 . 2012-09-17 23:24        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\Malwarebytes
2012-09-17 23:24 . 2012-09-17 23:24        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-14 05:59 . 2012-09-18 17:33        --------        d-----w-        c:\programdata\Freemake
2012-09-14 05:58 . 2012-09-18 17:15        --------        d-----w-        c:\program files (x86)\Freemake
2012-09-14 04:58 . 2012-09-14 04:58        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\WinParam
2012-09-14 04:58 . 2012-09-14 04:58        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\KastorTubeToMp3
2012-09-14 04:51 . 2012-09-14 04:51        --------        d-----w-        c:\users\Jasmin\AppData\Local\Abelssoft
2012-09-12 03:18 . 2012-09-12 03:18        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\FreeCDRipper
2012-09-12 01:18 . 2012-09-12 01:18        --------        d-----w-        c:\programdata\Battle.net
2012-09-11 21:05 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-11 21:05 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:05 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-11 21:05 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:05 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:05 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-11 21:05 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 20:15 . 2012-09-06 20:15        --------        d-----w-        c:\program files (x86)\Tools&More
2012-09-06 20:14 . 2012-09-06 20:14        --------        d-----w-        c:\windows\Downloaded Installations
2012-09-05 22:22 . 2012-09-05 22:25        --------        d-----w-        c:\users\Jasmin\AppData\Local\Paint.NET
2012-09-04 22:31 . 2012-07-31 10:42        203104        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-09-04 22:31 . 2012-07-31 10:42        102240        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 19:51 . 2010-08-20 17:22        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-26 21:46 . 2010-08-20 10:17        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-12 01:00 . 2010-08-20 11:21        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-09-11 20:14 . 2012-04-03 16:50        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-11 20:14 . 2011-05-14 16:11        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-04-27 16:08        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-18 18:15 . 2012-08-15 12:33        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-10-02 1564368]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-20 0]
Facebook Messenger.lnk - c:\users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-10-02 1564368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:14]
.
2012-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-09-30 c:\windows\Tasks\HPCeeScheduleForJasmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}*]
"hapnghmhoncpbkgf"=hex:6a,61,66,66,6e,6a,6b,6f,66,70,69,6a,65,69,62,6f,6b,63,
  6a,6e,00,00
"iaflihdmmnjfjccaaj"=hex:63,61,66,66,6e,6a,00,01
"iajoofkocefpgihiah"=hex:69,61,6b,65,6d,6c,6e,6e,6d,65,62,6d,65,66,6e,6f,63,68,
  00,76
"dbhfdikcecmippbipgplpekaggiebchbkejbjomk"=hex:68,61,6b,6c,6b,69,6c,68,6d,68,
  6e,6b,6a,69,62,66,00,00
"jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja"=hex:68,61,6b,6c,6b,69,
  6c,68,6d,68,6e,6b,6a,69,62,66,00,00
"dbhfdikcecmippbipgplaeppgedkhefoimeiilcm"=hex:62,62,70,70,66,6d,64,66,6c,62,
  6e,66,62,67,66,67,63,6f,66,61,6e,64,70,65,64,6c,6b,68,6a,70,70,61,70,6b,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-03  22:14:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-03 20:14
.
Vor Suchlauf: 11 Verzeichnis(se), 451.963.445.248 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 452.879.486.976 Bytes frei
.
- - End Of File - - 6AD218B2205025E36A345BF3CCB57B21

--- --- ---

cosinus 04.10.2012 09:12

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\program files (x86)\ICQ6Toolbar

Firefox::
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
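
The Firefox entries the script above targets can be picked out of a ComboFix log with a read-only check like the following. This is an added example, not part of the original posts and not ComboFix's own logic; the function names and the expected-provider lists are assumptions (Google is taken from the first post in this thread).

```python
import re
from urllib.parse import urlsplit

# Assumption: the search provider the user expects (the first post names Google).
EXPECTED_HOSTS = ("google.de", "google.com")
EXPECTED_ENGINES = ("google",)

# Lines copied from the "Zusätzlicher Suchlauf" part of the ComboFix log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.de/
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
IE_SETTING = re.compile(r"^(?P<key>[um][A-Za-z_ ]+?) = (?P<value>.*)$")
DEFANGED = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


def parse_settings(log_text):
    """Return (source, key, value) for every browser setting line in the log."""
    settings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for source, pattern in (("firefox", FF_PREF), ("ie", IE_SETTING)):
            match = pattern.match(line)
            if match:
                settings.append((source, match["key"], match["value"].strip()))
                break
    return settings


def host_of(value):
    """Return the host of a (possibly defanged) URL, or None if not a URL."""
    refanged = DEFANGED.sub(r"http\1://", value)  # only for parsing, never opened
    if not refanged.lower().startswith(("http://", "https://")):
        return None
    return urlsplit(refanged).hostname or ""


def is_expected_host(host):
    """Exact match or true subdomain; 'google.de.example.net' does not pass."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def review(log_text):
    """Return the settings that point somewhere other than the expected provider."""
    findings = []
    for source, key, value in parse_settings(log_text):
        host = host_of(value)
        if host is not None:
            if not is_expected_host(host):
                findings.append((source, key, value))
        elif key == "browser.search.selectedEngine":
            if not any(name in value.lower() for name in EXPECTED_ENGINES):
                findings.append((source, key, value))
    return findings


if __name__ == "__main__":
    for source, key, value in review(SAMPLE_LOG):
        print(f"{source}: {key} -> {value}")
```
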

BösesM 05.10.2012 05:19

Here is the log:

Combofix Logfile:
Code:

ComboFix 12-10-04.02 - Jasmin 05.10.2012  5:28.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4092.2362 [GMT 2:00]
ausgeführt von:: c:\users\Jasmin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jasmin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\users\Jasmin\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-05 bis 2012-10-05  ))))))))))))))))))))))))))))))
.
.
2012-10-05 03:47 . 2012-10-05 03:47        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2012-10-05 03:47 . 2012-10-05 03:47        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-02 16:00 . 2012-10-02 16:00        --------        d-----w-        c:\program files (x86)\Guard-ICQ
2012-10-02 16:00 . 2012-10-02 16:00        --------        d-----w-        c:\program files (x86)\ICQ7M
2012-10-02 15:29 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C13C6F4-9C85-4C7E-BDEB-0AA83E6CF3E8}\mpengine.dll
2012-10-01 19:44 . 2012-10-01 19:44        --------        d-----w-        C:\_OTL
2012-09-26 21:47 . 2012-09-26 21:47        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-26 21:46 . 2012-09-26 21:46        --------        d-----w-        c:\program files (x86)\Java
2012-09-26 16:43 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-24 19:32 . 2012-09-24 19:32        --------        d-----w-        c:\program files (x86)\ESET
2012-09-18 19:44 . 2012-09-18 19:44        --------        d-----w-        c:\users\Jasmin\AppData\Local\ESET
2012-09-18 19:16 . 2012-09-18 19:16        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 15:50 . 2012-09-18 15:53        --------        d-----w-        c:\users\Jasmin\AppData\Local\Google
2012-09-18 15:50 . 2012-09-18 15:50        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 15:50 . 2012-09-18 15:50        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:24 . 2012-09-17 23:24        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\Malwarebytes
2012-09-17 23:24 . 2012-09-17 23:24        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-14 05:59 . 2012-09-18 17:33        --------        d-----w-        c:\programdata\Freemake
2012-09-14 05:58 . 2012-09-18 17:15        --------        d-----w-        c:\program files (x86)\Freemake
2012-09-14 04:58 . 2012-09-14 04:58        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\WinParam
2012-09-14 04:58 . 2012-09-14 04:58        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\KastorTubeToMp3
2012-09-14 04:51 . 2012-09-14 04:51        --------        d-----w-        c:\users\Jasmin\AppData\Local\Abelssoft
2012-09-12 03:18 . 2012-09-12 03:18        --------        d-----w-        c:\users\Jasmin\AppData\Roaming\FreeCDRipper
2012-09-12 01:18 . 2012-09-12 01:18        --------        d-----w-        c:\programdata\Battle.net
2012-09-11 21:05 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-11 21:05 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:05 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-11 21:05 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:05 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:05 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-11 21:05 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 20:15 . 2012-09-06 20:15        --------        d-----w-        c:\program files (x86)\Tools&More
2012-09-06 20:14 . 2012-09-06 20:14        --------        d-----w-        c:\windows\Downloaded Installations
2012-09-05 22:22 . 2012-09-05 22:25        --------        d-----w-        c:\users\Jasmin\AppData\Local\Paint.NET
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 03:50 . 2010-08-20 17:22        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-26 21:46 . 2010-08-20 10:17        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-12 01:00 . 2010-08-20 11:21        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-09-11 20:14 . 2012-04-03 16:50        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-11 20:14 . 2011-05-14 16:11        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-04-27 16:08        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-31 10:42 . 2012-09-04 22:31        203104        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-07-31 10:42 . 2012-09-04 22:31        102240        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-07-18 18:15 . 2012-08-15 12:33        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-10-02 1564368]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-20 0]
Facebook Messenger.lnk - c:\users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-10-02 1564368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:14]
.
2012-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-09-30 c:\windows\Tasks\HPCeeScheduleForJasmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}*]
"hapnghmhoncpbkgf"=hex:6a,61,66,66,6e,6a,6b,6f,66,70,69,6a,65,69,62,6f,6b,63,
  6a,6e,00,00
"iaflihdmmnjfjccaaj"=hex:63,61,66,66,6e,6a,00,01
"iajoofkocefpgihiah"=hex:69,61,6b,65,6d,6c,6e,6e,6d,65,62,6d,65,66,6e,6f,63,68,
  00,76
"dbhfdikcecmippbipgplpekaggiebchbkejbjomk"=hex:68,61,6b,6c,6b,69,6c,68,6d,68,
  6e,6b,6a,69,62,66,00,00
"jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja"=hex:68,61,6b,6c,6b,69,
  6c,68,6d,68,6e,6b,6a,69,62,66,00,00
"dbhfdikcecmippbipgplaeppgedkhefoimeiilcm"=hex:62,62,70,70,66,6d,64,66,6c,62,
  6e,66,62,67,66,67,63,6f,66,61,6e,64,70,65,64,6c,6b,68,6a,70,70,61,70,6b,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-05  06:12:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-05 04:12
ComboFix2.txt  2012-10-03 20:14
.
Vor Suchlauf: 17 Verzeichnis(se), 452.460.789.760 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 453.109.837.824 Bytes frei
.
- - End Of File - - 4ABB03DD89CD1A3F6A11D08AB49ED14B

--- --- ---

cosinus 05.10.2012 13:28

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

BösesM 06.10.2012 02:02

I hope everything worked out. Gmer and Osam went a bit differently than described in the links.

The Gmer log:
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-06 01:58:29
Windows 6.1.7601 Service Pack 1
Running: 5ivszzpf.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}                                                                                                                                                                                                                   
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@hapnghmhoncpbkgf                                                                                                                                                                                                    0x6A 0x61 0x66 0x66 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iaflihdmmnjfjccaaj                                                                                                                                                                                                  0x63 0x61 0x66 0x66 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iajoofkocefpgihiah                                                                                                                                                                                                  0x69 0x61 0x6B 0x65 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplpekaggiebchbkejbjomk                                                                                                                                                                            0x68 0x61 0x6B 0x6C ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja                                                                                                                                                                0x68 0x61 0x6B 0x6C ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplaeppgedkhefoimeiilcm                                                                                                                                                                            0x62 0x62 0x70 0x70 ...

---- Files - GMER 1.0.15 ----

File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\08 Mexico Böhse Onkelz.mp3                          8241256 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\01 Ich lieb Mich Böhse Onkelz.mp3                    6604264 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\02 Nur die Besten sterben jung Böhse Onkelz.mp3      10333432 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\03 Keine ist wie Du Böhse Onkelz.mp3                12979972 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\04 Wieder mal`nen Tag verschenkt Böhse Onkelz.mp3    10360576 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\05 Heilige Lieder Böhse Onkelz.mp3                  11847232 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\06 Wir ham noch lange nicht genug Böhse Onkelz.mp3  9766540 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\07 Stunde des Siegers Böhse Onkelz.mp3              12629188 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\09 Der Fuckin´ Metal Mann Böhse Onkelz.mp3          11953720 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\10 Erinnerung Böhse Onkelz.mp3                      14068864 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\11 Das erste Blut Böhse Onkelz.mp3                  11763712 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\12 Es ist soweit Böhse Onkelz.mp3                    7465564 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\13 Eine dieser Nächte Böhse Onkelz.mp3              11626948 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\14 Lügenmarsch Böhse Onkelz.mp3                      10054684 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\15 Könge für einen Tag Böhse Onkelz.mp3              10847080 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\16 Mädchen Böhse Onkelz2.mp3                        2190996 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\17 Keiner wusste wie´s geschah.mp3                  7738048 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\18 Nenn mich Gott.mp3                                7823656 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\19 Hässlich brutal und gewahltätig Böhse Onkelz.mp3  8473024 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---



Here is the Osam log:
I couldn't skip the online scan and could only click "next" twice. Then the "finish" window already appeared, and after that I saved the log. Or should I have done anything else there?
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 02:07:43 on 06.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForJasmin.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - ? - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL  (File not found)
"Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -  (File not found | COM-object registry key not found)
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7M" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7M\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Facebook Messenger.lnk" - "Facebook" - C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe
"Guard.Mail.ru.gui" - ? - "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"HPCam_Menu" - "CyberLink Corp." - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files (x86)\Winamp\winampa.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll  (File not found)
"Firebird Guardian - DefaultInstance" (FirebirdGuardianDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
"Firebird Server - DefaultInstance" (FirebirdServerDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
"Guard.Mail.ru" (Guard.Mail.ru) - ? - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

And here is the log from aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 02:12:48
-----------------------------
02:12:48.568    OS Version: Windows x64 6.1.7601 Service Pack 1
02:12:48.568    Number of processors: 2 586 0x602
02:12:48.569    ComputerName: JASMIN-PC  UserName: Jasmin
02:12:51.294    Initialize success
02:14:45.304    AVAST engine defs: 12100502
02:15:01.751    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:15:01.756    Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
02:15:01.774    Disk 0 MBR read successfully
02:15:01.781    Disk 0 MBR scan
02:15:01.791    Disk 0 unknown MBR code
02:15:01.799    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
02:15:01.820    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      596181 MB offset 409600
02:15:01.856    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13995 MB offset 1221388288
02:15:01.880    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
02:15:01.945    Disk 0 scanning C:\Windows\system32\drivers
02:15:15.391    Service scanning
02:15:51.918    Modules scanning
02:15:51.932    Disk 0 trace - called modules:
02:15:52.317    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:15:52.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800467e790]
02:15:52.340    3 CLASSPNP.SYS[fffff8800110e43f] -> nt!IofCallDriver -> [0xfffffa800467d2e0]
02:15:52.353    5 hpdskflt.sys[fffff8800200b189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045fc060]
02:15:55.526    AVAST engine scan C:\Windows
02:16:02.004    AVAST engine scan C:\Windows\system32
02:18:52.781    AVAST engine scan C:\Windows\system32\drivers
02:19:13.847    AVAST engine scan C:\Users\Jasmin
02:41:46.051    AVAST engine scan C:\ProgramData
02:44:40.000    Scan finished successfully
02:57:46.169    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
02:57:46.175    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR.txt"


cosinus 07.10.2012 05:43

We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the backup, start aswMBR again and click the FIXMBR button.

Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

BösesM 07.10.2012 18:28

I don't have my external hard drive at home right now.... I shouldn't have any encryption, I think.... How do we leave it for now? Fix without a backup? I can't afford any loss, that would be bad....

cosinus 07.10.2012 20:15

Normally the fix just goes through... so it would be rather unlikely that you would no longer have all your data afterwards. But with interventions like this I prefer to point it out once more, to avoid bad blood afterwards :pfeiff:

Do the fix without a backup at your own risk

BösesM 09.10.2012 01:59

So, to be on the safe side, I went and got the external drive after all and backed everything up ^^ Here is the log:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 01:10:48
-----------------------------
01:10:48.089    OS Version: Windows x64 6.1.7601 Service Pack 1
01:10:48.089    Number of processors: 2 586 0x602
01:10:48.089    ComputerName: JASMIN-PC  UserName: Jasmin
01:10:53.533    Initialize success
01:11:08.026    AVAST engine defs: 12100801
01:11:33.017    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR2.txt"
01:14:09.458    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:14:09.474    Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
01:14:09.474    Disk 0 MBR read successfully
01:14:09.490    Disk 0 MBR scan
01:14:09.505    Disk 0 Windows 7 default MBR code
01:14:09.505    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
01:14:09.599    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      596181 MB offset 409600
01:14:09.646    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13995 MB offset 1221388288
01:14:09.708    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
01:14:09.802    Disk 0 scanning C:\Windows\system32\drivers
01:14:46.041    Service scanning
01:15:37.864    Modules scanning
01:15:37.879    Disk 0 trace - called modules:
01:15:37.895    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:15:37.911    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800437d060]
01:15:37.911    3 CLASSPNP.SYS[fffff880010fc43f] -> nt!IofCallDriver -> [0xfffffa800437c260]
01:15:37.926    5 hpdskflt.sys[fffff88002188189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004302680]
01:15:40.563    AVAST engine scan C:\Windows
01:15:51.171    AVAST engine scan C:\Windows\system32
01:22:48.830    AVAST engine scan C:\Windows\system32\drivers
01:23:09.391    AVAST engine scan C:\Users\Jasmin
02:17:08.754    AVAST engine scan C:\ProgramData
02:23:09.505    Scan finished successfully
02:55:45.203    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
02:55:45.219    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR3.txt"


cosinus 09.10.2012 14:33

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
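
A way to check what the reply above judges by eye, namely that FIXMBR replaced only the boot code and left the partition table and the disk driver stack as they were. This is an added example, not part of the original thread and not an aswMBR feature; the function names are hypothetical and the two log excerpts are trimmed copies of the aswMBR logs posted here.

```python
import re

# Constructed input: the MBR-related lines of the two aswMBR logs posted in
# this thread (before and after FIXMBR); unrelated lines are left out.
LOG_BEFORE = """
02:15:01.781    Disk 0 MBR scan
02:15:01.791    Disk 0 unknown MBR code
02:15:01.799    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
02:15:01.820    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      596181 MB offset 409600
02:15:01.856    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13995 MB offset 1221388288
02:15:01.880    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
02:15:51.932    Disk 0 trace - called modules:
02:15:52.317    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
"""
LOG_AFTER = """
01:14:09.490    Disk 0 MBR scan
01:14:09.505    Disk 0 Windows 7 default MBR code
01:14:09.505    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
01:14:09.599    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      596181 MB offset 409600
01:14:09.646    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13995 MB offset 1221388288
01:14:09.708    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
01:15:37.879    Disk 0 trace - called modules:
01:15:37.895    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
VERDICT = re.compile(r"^Disk (\d+) (.+) MBR code$")
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2})( \(A\))?\s+([0-9A-F]{2})\s+"
    r"(.*?)\s+(\d+) MB offset (\d+)$")


def parse_aswmbr(text):
    """Extract boot-code verdict, partition entries and disk driver stack."""
    result = {"verdict": {}, "partitions": [], "modules": []}
    expect_modules = False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        if expect_modules:
            # The line after "called modules:" lists the drivers on the disk path.
            result["modules"] = line.split()
            expect_modules = False
            continue
        if line.endswith("called modules:"):
            expect_modules = True
            continue
        match = VERDICT.match(line)
        if match:
            result["verdict"][int(match.group(1))] = match.group(2)
            continue
        match = PARTITION.match(line)
        if match:
            disk, num, status, active, ptype, label, size, offset = match.groups()
            # status 80 marks the active (boot) partition; ptype is the type byte.
            result["partitions"].append(
                (int(disk), int(num), status, bool(active), ptype,
                 " ".join(label.split()), int(size), int(offset)))
    return result


def compare_runs(before_text, after_text):
    """Compare two aswMBR runs and report what changed between them."""
    before, after = parse_aswmbr(before_text), parse_aswmbr(after_text)
    findings = []
    for disk, verdict in sorted(after["verdict"].items()):
        old = before["verdict"].get(disk)
        if verdict.lower() == "unknown":
            findings.append(f"disk {disk}: boot code still unknown after the fix")
        elif old != verdict:
            findings.append(f"disk {disk}: boot code '{old}' -> '{verdict}'")
    partitions_unchanged = before["partitions"] == after["partitions"]
    if not partitions_unchanged:
        findings.append("partition table differs between the two runs")
    # Load addresses change on every boot, so only module names are compared.
    new_modules = [m for m in after["modules"] if m not in before["modules"]]
    if new_modules:
        findings.append("new modules on the disk path: " + ", ".join(new_modules))
    recognised = bool(after["verdict"]) and all(
        v.lower() != "unknown" for v in after["verdict"].values())
    return {
        "boot_code_recognised": recognised,
        "partitions_unchanged": partitions_unchanged,
        "new_disk_modules": new_modules,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in compare_runs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```
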

BösesM 10.10.2012 16:04

Here are the logs from Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

09.10.2012 22:06:05
mbam-log-2012-10-09 (22-06-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527590
Laufzeit: 2 Stunde(n), 52 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


The logs from SuperAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/10/2012 at 03:31 AM

Application Version : 5.6.1008

Core Rules Database Version : 9372
Trace Rules Database Version: 7184

Scan type      : Complete Scan
Total Scan Time : 02:19:29

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 862
Memory threats detected  : 0
Registry items scanned    : 74189
Registry threats detected : 0
File items scanned        : 117349
File threats detected    : 470

Adware.Tracking Cookie
        .adultfriendfinder.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        aa.adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        tracking.affiliates.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .horyzon-media.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .horyzon-media.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .horyzon-media.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .horyzon-media.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .horyzon-media.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adlegend.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .www.burstnet.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        tracking.affiliates.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .www.usenext.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tedi-discount.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tedi-discount.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tedi-discount.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.blogcounter.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .unrulymedia.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .webstats4u.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .toplist.cz [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        ads.proxy1.adservr.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        intermediafilesearch.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mmotraffic.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        findfreemediaonline.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .top4serials.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .top4serials.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .top4serials.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        tracking.hostgator.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        tracking.hostgator.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .tns-counter.ru [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        counters.gigya.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediaplaynow.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]
        .mediaplaynow.com [ C:\USERS\JASMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\354O56DH.DEFAULT\COOKIES.SQLITE ]

So was much actually infected or broken?

cosinus 10.10.2012 16:41

Looks OK, only cookies were found; they can all go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other findings or problems?

BösesM 10.10.2012 23:20

OK. In SuperAntiSpyware they are in quarantine - should I delete them from there?

What exactly do you mean by this?: "Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file."

I don't quite understand the page :(

How can I block these cookies or fend them off manually? On most sites some ad or other opens up - those are the ones that get stored, right? I wouldn't really want to log in again everywhere, since because of my hobby it's quite a few sites... But I do want to protect myself a bit more now...

Or rather, how do I save the ones I want and reject the others?
How do I know which cookies might be harmful and which ones I should save? With hxxp://www.chip.de/downloads/Cookie-Culler_16654622.html you can protect some and not others....

cosinus 11.10.2012 13:48

Quote:

they are in quarantine - should I delete them from there?
What is it with all of you and the quarantine? :wtf:
Just think about what a quarantine is. Whether the malicious file stays in there or not has no effect. Malware in quarantine can no longer do any harm; it is isolated there. You should always work with the quarantine as a matter of principle, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if need be.

Quote:

I don't quite understand the page
So? What am I supposed to answer to that; can you write what it is you don't understand?
Did you read everything, or don't you understand English?

BösesM 11.10.2012 16:45

You write "the cookies can all go" - so one assumes they should be deleted, and it was a perfectly normal question since they had been moved to quarantine, but oh well....
As for the page, I read everything and translated what I didn't understand... and also looked at the program from chip.de - but I'm simply no specialist when it comes to cookies, hosts, etc....
Thanks for the help with "searchsafer". Everything seems to be OK now.

cosinus 11.10.2012 18:54

Quite simple - if you use the MVPS hosts file, your computer can no longer reach all those ad domains at all, and so no tracking cookies end up on your computer - at least not from the sites blocked via the hosts file.

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools:

Please start OTL and click on "Bereinigung" (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords where possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs / Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please take the opportunity to check that Flash Player is up to date as well:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
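
The hosts-file blocking described in the post above, as an added example that is not part of the original post or of the MVPS project: it parses a hosts file and shows that blocking is per exact hostname, so a cookie domain such as `.adfarm1.adition.com` is only covered for the hosts actually listed. The hosts entries are constructed samples, not the real MVPS list, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the style of a blocking hosts file (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample entries
127.0.0.1   localhost
0.0.0.0     ad.yieldmanager.com
0.0.0.0     ad1.adfarm1.adition.com ad2.adfarm1.adition.com  # two names, one line
0.0.0.0     www.googleadservices.com
192.0.2.10  intranet.example   # ordinary mapping, not a block
"""


def parse_blocked(hosts_text):
    """Return the hostnames that the hosts file redirects to a sinkhole address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, ignore it
        # Only loopback (127.0.0.1, ::1) or unspecified (0.0.0.0, ::) counts as a block.
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def is_blocked(hostname, blocked):
    """Hosts files match exact names only; there are no wildcards or subdomain rules."""
    return hostname.lower().rstrip(".") in blocked


def blocked_hosts_under(cookie_domain, blocked):
    """List the blocked hosts that fall under a cookie domain like '.example.com'."""
    base = cookie_domain.lower().lstrip(".")
    return sorted(h for h in blocked if h == base or h.endswith("." + base))


if __name__ == "__main__":
    blocked = parse_blocked(SAMPLE_HOSTS)
    for host in ("ad1.adfarm1.adition.com", "ad3.adfarm1.adition.com"):
        print(host, "blocked" if is_blocked(host, blocked) else "NOT blocked")
    print(blocked_hosts_under(".adfarm1.adition.com", blocked))
```

Here `ad3.adfarm1.adition.com` is still reachable because it has no entry of its own, which is why the blocking list needs regular updates.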

BösesM 12.10.2012 00:03

Thank you very much for your efforts....

