Trojaner-Board


Mahoo 28.09.2012 11:25

GVU Trojan v 2.07 has infected my computer. Am I rid of it?
 
Hi everyone, yesterday I infected my computer with the GVU Trojan 2.07. Since I thought it wasn't that bad and could be removed, I tried, as a layman, to solve the problem myself.
Searched a bit here and deleted a bit there. Ran AV and Malwarebytes over it.
Then I happened to come across your site and saw that deleting the virus doesn't necessarily mean my system is now clean.
So now my question: Malwarebytes and Antivir no longer show me any malware. Can I now be reasonably sure that everything is gone?
I didn't want to get paranoid now.
I hope you can help me further.

Best regards
Maher


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Mahoo :: MAHOO-PC [Administrator]

Schutz: Aktiviert

28.09.2012 10:56:06
mbam-log-2012-09-28 (10-56-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395737
Laufzeit: 1 Stunde(n), 3 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 28.09.2012 12:19

Quote:

Malwarebytes and Antivir no longer show me any malware.
From this statement one can infer that malware was found in the past. So why are you presenting us with a log without any findings here? If nobody but you knows what was found where, your situation can't be assessed either!

Mahoo 28.09.2012 13:06

OK, here are the logs from Avira & Malwarebytes with findings.
Thanks in advance for the help
Mahoo

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 28. September 2012 00:49

Es wird nach 4277549 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Administrator
Computername : MAHOO-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:14:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 09.08.2012 17:45:23
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 19:47:41
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 19:47:41
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 19:47:41
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 19:47:02
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:44:27
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:45:20
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:38:29
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 09:38:32
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 09:38:32
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 09:38:32
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 09:38:32
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 09:38:32
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 09:38:32
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 09:38:32
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 09:38:33
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 20:37:40
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 20:37:43
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 18:02:35
VBASE017.VDF : 7.11.42.235 141312 Bytes 13.09.2012 11:58:15
VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 16:06:23
VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 16:21:44
VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 19:47:03
VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 19:57:29
VBASE022.VDF : 7.11.43.251 147456 Bytes 24.09.2012 19:31:53
VBASE023.VDF : 7.11.44.43 152064 Bytes 25.09.2012 19:31:53
VBASE024.VDF : 7.11.44.103 165888 Bytes 27.09.2012 22:45:03
VBASE025.VDF : 7.11.44.104 2048 Bytes 27.09.2012 22:45:03
VBASE026.VDF : 7.11.44.105 2048 Bytes 27.09.2012 22:45:03
VBASE027.VDF : 7.11.44.106 2048 Bytes 27.09.2012 22:45:03
VBASE028.VDF : 7.11.44.107 2048 Bytes 27.09.2012 22:45:04
VBASE029.VDF : 7.11.44.108 2048 Bytes 27.09.2012 22:45:04
VBASE030.VDF : 7.11.44.109 2048 Bytes 27.09.2012 22:45:04
VBASE031.VDF : 7.11.44.120 20480 Bytes 27.09.2012 22:45:04
Engineversion : 8.2.10.176
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:17:53
AESCRIPT.DLL : 8.1.4.56 459131 Bytes 25.09.2012 19:32:06
AESCN.DLL : 8.1.9.2 131444 Bytes 26.09.2012 19:30:53
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 14:22:59
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 8.3.0.36 811382 Bytes 15.09.2012 12:00:51
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 25.09.2012 19:32:06
AEHEUR.DLL : 8.1.4.104 5280119 Bytes 25.09.2012 19:32:05
AEHELP.DLL : 8.1.24.0 258423 Bytes 26.09.2012 19:30:52
AEGEN.DLL : 8.1.5.38 434548 Bytes 26.09.2012 19:30:52
AEEXP.DLL : 8.2.0.2 115060 Bytes 26.09.2012 19:30:53
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:17:52
AECORE.DLL : 8.1.28.2 201079 Bytes 26.09.2012 19:30:51
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 19:47:41
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 19:47:41
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 19:47:41
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 19:47:41
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 19:47:41
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 19:47:41
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 17:45:23
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 19:47:41
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 17:44:43
RCTEXT.DLL : 12.3.0.31 100088 Bytes 09.08.2012 17:44:43

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 28. September 2012 00:49

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avconfig.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDCountdown.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDPop3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDClock.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDRSS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mqtgsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mqsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'inetinfo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40RP7.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40ST7.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mounter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1941' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Games\World_of_Tanks\Updates\wot_66.103118_65.95961_client_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_67.118076_64.90724_launcher_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_67.141320_launcher_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_71.145341_launcher_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_73.159150_content_de.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_73.772_72.530_client_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_74.170084_content_de.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_74.981_73.772_client_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_74.98_launcher_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Games\World_of_Tanks\Updates\wot_741.1002_74.981_client_eu.patch
[WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
C:\Program Files\Logitech Gaming Software\uninstallhlpr.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\Mahoo\AppData\Local\Activision\CoDWaW\mods\mp_erm\mp_erm.iwd.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\Mahoo\AppData\Local\Temp\jar_cache4411023437550276592.tmp
[0] Archivtyp: ZIP
--> chcyih.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AZ
--> vcs.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AY
C:\Users\Mahoo\AppData\Local\Temp\TGHYID
[0] Archivtyp: ZIP
--> chcyih.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AZ
--> vcs.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AY
C:\Users\Mahoo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\55287f84-7e791062
[0] Archivtyp: ZIP
--> la/a2.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/12-0507.BJ.2.C
--> la/C.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CU
--> la/la.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> la/lc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CF
--> la/lb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/12-0507.BH.2
--> la/tt.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
C:\Users\Mahoo\Desktop\sgs2\23.4.2012\TitaniumBackup1\com.ebay.kleinanzeigen-20120604-153401.tar.gz
[WARNUNG] Unerwartetes Ende beim Lesen eines Blocks
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-1.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-2.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-3.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-4.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-5.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-6.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-7.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-8.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup.exe
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Mahoo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\55287f84-7e791062
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55124f3d.qua' verschoben!
C:\Users\Mahoo\AppData\Local\Temp\TGHYID
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AY
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dbf60b4.qua' verschoben!
C:\Users\Mahoo\AppData\Local\Temp\jar_cache4411023437550276592.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AY
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f9a3a46.qua' verschoben!


Ende des Suchlaufs: Freitag, 28. September 2012 02:17
Benötigte Zeit: 1:26:55 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

25861 Verzeichnisse wurden überprüft
1204448 Dateien wurden geprüft
10 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1204438 Dateien ohne Befall
15049 Archive wurden durchsucht
23 Warnungen
3 Hinweise

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Mahoo :: MAHOO-PC [Administrator]

Schutz: Aktiviert

28.09.2012 10:48:20
mbam-log-2012-09-28 (10-48-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248319
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Mahoo\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Spyware.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 28.09.2012 14:29

Code:

C:\Users\Mahoo\Magic\Runes_of_Magic_3.0.5.2262\ROMSetup-1.bin
What source does this come from?

Mahoo 28.09.2012 14:34

It's an online game; I downloaded it at some point from pcgames, I think. It should have been uninstalled long ago, though.
Regards
Mahoo

cosinus 28.09.2012 15:28

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those too!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Mahoo 28.09.2012 23:09

Hello Cosinus, thanks for your help.
Here is the current log from Malware



Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Mahoo :: MAHOO-PC [Administrator]

Schutz: Aktiviert

28.09.2012 21:04:42
mbam-log-2012-09-28 (21-04-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397173
Laufzeit: 1 Stunde(n), 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the current log from ESET

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f92e9a17c8306646b9ffd383152f19c5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-28 02:47:43
# local_time=2012-09-28 04:47:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15498786 15498786 0 0
# compatibility_mode=5893 16776573 100 94 13106 100424935 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=164364
# found=3
# cleaned=3
# scan_time=6719
C:\Users\Administrator\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.2.3442.exe        Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk        Win32/Reveton.J Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Mahoo\AppData\Roaming\Mozilla\Firefox\Profiles\3gn9tca2.default\user.js        JS/SecurityDisabler.A.Gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f92e9a17c8306646b9ffd383152f19c5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-28 10:07:44
# local_time=2012-09-29 12:07:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15568299 15568299 0 0
# compatibility_mode=5893 16776573 100 94 2766 100494448 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=157480
# found=0
# cleaned=0
# scan_time=6807

Hope that helps us further.

cosinus 28.09.2012 23:52

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Mahoo 29.09.2012 09:21

Here is the AdwCleaner log
Code:

# AdwCleaner v2.003 - Datei am 09/29/2012 um 10:19:08 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Mahoo - MAHOO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mahoo\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\Mahoo\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Mahoo\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mahoo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gefunden : HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=4c2afdcf000000000000001a4d671802
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=110482&mntrId=4c2afdcf000000000000001a4d671802

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mahoo\AppData\Roaming\Mozilla\Firefox\Profiles\3gn9tca2.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "4c2afdcf000000000000001a4d671802");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "4c2afdcf000000000000001a4d671802");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15400");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:48:40");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Profilname : default
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\x7szjjdq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mahoo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5571 octets] - [29/09/2012 10:19:08]

########## EOF - C:\AdwCleaner[R1].txt - [5631 octets] ##########


cosinus 01.10.2012 11:19

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Mahoo 01.10.2012 13:58

Hello Cosinus, nice to hear from you,
here is the requested log.

Code:

# AdwCleaner v2.003 - Datei am 10/01/2012 um 14:49:40 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Mahoo - MAHOO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mahoo\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Mahoo\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Mahoo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mahoo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-1056468692-1839014824-3167116617-1004\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=4c2afdcf000000000000001a4d671802 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=110482&mntrId=4c2afdcf000000000000001a4d671802 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mahoo\AppData\Roaming\Mozilla\Firefox\Profiles\3gn9tca2.default\prefs.js

Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "4c2afdcf000000000000001a4d671802");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "4c2afdcf000000000000001a4d671802");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15400");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:48:40");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Profilname : default
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\x7szjjdq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mahoo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5700 octets] - [29/09/2012 10:19:08]
AdwCleaner[S1].txt - [5754 octets] - [01/10/2012 14:49:40]

########## EOF - C:\AdwCleaner[S1].txt - [5814 octets] ##########


cosinus 01.10.2012 14:17

I have two questions before we continue (we are not finished yet!)

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Mahoo 01.10.2012 14:19

No, everything is OK.
Everything is there and everything works too, as far as I am able to judge.

cosinus 01.10.2012 14:20

Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Mahoo 01.10.2012 14:29

Hi, I downloaded OTL again and wanted to run the scan, and an error message comes up:
Access violation at address CCCC0460.Read of addressCCCC0460.
?????

cosinus 01.10.2012 14:32

Hm, I am just reading that this error message occurs fairly often :wtf:
Maybe there is a bug in the new version - have you already tried creating the log in safe mode with networking?

Mahoo 01.10.2012 14:42

No, same problem.
Should I try Custom Scan?

cosinus 01.10.2012 15:03

You mean without CustomScan? ;)

If so, then try it like this:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scanne alle Benutzer (Scan All Users) at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Mahoo 01.10.2012 15:11

OK, that doesn't work either ;-)

cosinus 01.10.2012 15:20

Hmpf, do you happen to still have the previous version of OTL? :(
I suspect there is some bug in the now-current version :balla:

Mahoo 01.10.2012 15:40

No, unfortunately not, I overwrote the other one.

I found an OTL via Chip.de.
Code:

OTL logfile created on: 01.10.2012 19:00:45 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Mahoo\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 75,93% Memory free
7,00 Gb Paging File | 5,96 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,40 Gb Total Space | 15,46 Gb Free Space | 20,78% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 33,42 Gb Free Space | 44,85% Space Free | Partition Type: NTFS
 
Computer Name: MAHOO-PC | User Name: Mahoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mahoo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (netr28u) -- system32\DRIVERS\netr28u.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech)
DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (Dokan) -- C:\Windows\System32\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech)
DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D0 99 56 9A 57 CB 01  [binary data]
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.01 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Extensions
[2012.09.28 11:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Firefox\Profiles\3gn9tca2.default\extensions
[2012.09.19 13:13:24 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.07.26 09:54:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.19 21:48:10 | 000,000,933 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\11-suche.xml
[2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml
[2011.12.19 21:48:10 | 000,002,419 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 21:48:10 | 000,010,525 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\gmx-suche.xml
[2011.12.19 21:48:10 | 000,002,457 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\lastminute.xml
[2011.12.19 21:48:10 | 000,005,508 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\webde-suche.xml
[2012.04.19 19:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.09 17:18:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.03 00:56:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 17:18:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.03 00:56:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.03 00:56:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.03 00:56:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.03 00:56:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: blank ([]about in Computer)
O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2D2E33-477C-49ED-B1CB-85DBD5256716}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.01 18:59:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe
[2012.10.01 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\ElevatedDiagnostics
[2012.09.28 22:12:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 12:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.28 06:48:37 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes
[2012.09.28 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 06:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.28 02:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.24 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\Desktop\Logo
[2012.09.23 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.thumbnails
[2012.09.23 20:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.09.23 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\webkit
[2012.09.23 19:33:49 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\fontconfig
[2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\gegl-0.2
[2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.gimp-2.8
[2012.09.02 00:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics
[2012.09.02 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WOT Statistics
[2012.09.02 00:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\WOT Statistics
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.01 18:59:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe
[2012.10.01 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.01 16:00:14 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.01 16:00:14 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.01 15:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.01 15:52:39 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.29 10:18:24 | 000,513,501 | ---- | M] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe
[2012.09.28 22:12:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 11:01:47 | 002,141,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.28 11:01:47 | 001,140,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.28 11:01:47 | 000,605,286 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.28 11:01:47 | 000,527,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.28 06:48:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.28 02:48:03 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.27 20:52:21 | 000,003,055 | ---- | M] () -- C:\Users\Mahoo\Desktop\WOT Statistics.lnk
[2012.09.24 00:03:44 | 000,003,922 | ---- | M] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel
[2012.09.23 23:05:42 | 000,476,975 | ---- | M] () -- C:\Users\Mahoo\Documents\test2.xcf
[2012.09.23 22:02:51 | 000,001,049 | ---- | M] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk
[2012.09.23 22:00:16 | 000,458,498 | ---- | M] () -- C:\Users\Mahoo\Documents\test1.xcf
[2012.09.09 17:23:32 | 000,001,102 | ---- | M] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:28:56 | 000,430,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.29 10:18:23 | 000,513,501 | ---- | C] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe
[2012.09.28 06:48:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.27 23:14:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.24 00:03:44 | 000,003,922 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel
[2012.09.23 23:05:42 | 000,476,975 | ---- | C] () -- C:\Users\Mahoo\Documents\test2.xcf
[2012.09.23 22:02:51 | 000,001,049 | ---- | C] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk
[2012.09.23 22:00:16 | 000,458,498 | ---- | C] () -- C:\Users\Mahoo\Documents\test1.xcf
[2012.09.23 20:26:32 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.09 17:23:32 | 000,001,102 | ---- | C] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk
[2012.09.07 11:28:41 | 000,430,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.02 00:03:07 | 000,003,055 | ---- | C] () -- C:\Users\Mahoo\Desktop\WOT Statistics.lnk
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.07.11 13:18:32 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2012.07.11 13:17:42 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll
[2012.07.11 13:17:41 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe
[2012.07.11 13:17:41 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.07.11 13:17:41 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.17 13:20:29 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.26 17:32:51 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.10 22:55:29 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.11.06 17:21:39 | 000,076,360 | ---- | C] () -- C:\Windows\System32\ladfGSRCoinst_i386.dll
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.01.16 23:12:01 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\System32\dokan.dll
[2010.10.25 21:56:28 | 000,007,596 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\resmon.resmoncfg
[2010.10.19 20:27:34 | 000,139,488 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.19 20:27:10 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010.10.02 23:38:51 | 000,022,328 | ---- | C] () -- C:\Users\Mahoo\AppData\Roaming\PnkBstrK.sys
[2010.10.02 23:38:28 | 000,270,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.10.02 23:38:27 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.28 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.09.27 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2010.11.14 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited
[2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite
[2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net
[2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon
[2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech
[2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia
[2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org
[2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite
[2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Samsung
[2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp
[2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client
[2011.12.21 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TuneUp Software
[2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net
[2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.13 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Adobe
[2012.04.01 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Avira
[2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited
[2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite
[2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net
[2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon
[2012.05.17 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Google Inc
[2012.05.13 22:54:09 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Help
[2012.05.17 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Identities
[2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech
[2011.12.21 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logishrd
[2010.09.19 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logitech
[2010.09.19 03:33:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Macromedia
[2012.09.28 06:48:37 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes
[2012.05.13 22:54:19 | 000,000,000 | --SD | M] -- C:\Users\Mahoo\AppData\Roaming\Microsoft
[2010.11.28 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Mozilla
[2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia
[2011.11.14 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\NVIDIA
[2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org
[2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite
[2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Samsung
[2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp
[2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client
[2011.12.21 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TuneUp Software
[2012.05.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\vlc
[2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net
[2010.09.20 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WinRAR
[2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics
 
< %APPDATA%\*.exe /s >
[2012.03.26 17:32:50 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2010.10.04 22:12:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mahoo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.20 23:06:50 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_853F67D554F05449430E7E.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_AE6D52766A4C6A7E5B422D.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_CF295D5069A02809E63991.exe
[2012.05.30 03:17:52 | 000,958,392 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.05.30 03:17:54 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.05.23 18:51:18 | 000,318,976 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.05.30 03:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.05.23 18:50:32 | 000,180,224 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.05.23 18:50:32 | 000,321,024 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.05.30 02:49:14 | 000,721,920 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.05.30 03:18:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.05.23 18:50:18 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.05.23 18:50:18 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.05.30 03:18:04 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.05.30 03:18:06 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.05.30 03:18:08 | 003,570,352 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.05.23 18:50:02 | 000,221,184 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe
[2012.05.23 18:50:04 | 000,061,440 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe
[2012.05.23 18:49:28 | 024,162,120 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.03 08:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.03 08:16:28 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.07.03 08:16:26 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.03 08:16:32 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.03 08:16:34 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.03 08:16:36 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.03 08:16:36 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.05.30 03:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.03 08:16:38 | 000,450,488 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >


cosinus 02.10.2012 10:37

Version 3.2.70.1 is out - please try again with that one

Mahoo 02.10.2012 19:06

Hi Cosinus, here is the log with the new version.
Code:

OTL logfile created on: 02.10.2012 19:54:56 - Run 5
OTL by OldTimer - Version 3.2.70.1    Folder = C:\Users\Mahoo\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,65% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,40 Gb Total Space | 22,72 Gb Free Space | 30,54% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 33,42 Gb Free Space | 44,85% Space Free | Partition Type: NTFS
 
Computer Name: MAHOO-PC | User Name: Mahoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mahoo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (netr28u) -- system32\DRIVERS\netr28u.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech)
DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (Dokan) -- C:\Windows\System32\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech)
DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D0 99 56 9A 57 CB 01  [binary data]
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.01 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Extensions
[2012.09.28 11:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Firefox\Profiles\3gn9tca2.default\extensions
[2012.09.19 13:13:24 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.07.26 09:54:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.19 21:48:10 | 000,000,933 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\11-suche.xml
[2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml
[2011.12.19 21:48:10 | 000,002,419 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 21:48:10 | 000,010,525 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\gmx-suche.xml
[2011.12.19 21:48:10 | 000,002,457 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\lastminute.xml
[2011.12.19 21:48:10 | 000,005,508 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\webde-suche.xml
[2012.04.19 19:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.09 17:18:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.03 00:56:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 17:18:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.03 00:56:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.03 00:56:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.03 00:56:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.03 00:56:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: blank ([]about in Computer)
O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2D2E33-477C-49ED-B1CB-85DBD5256716}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 19:53:17 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe
[2012.10.01 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\ElevatedDiagnostics
[2012.09.28 22:12:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 12:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.28 06:48:37 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes
[2012.09.28 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 06:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.28 02:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.24 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\Desktop\Logo
[2012.09.23 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.thumbnails
[2012.09.23 20:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.09.23 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\webkit
[2012.09.23 19:33:49 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\fontconfig
[2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\gegl-0.2
[2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.gimp-2.8
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.02 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.02 19:53:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe
[2012.10.02 19:51:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.02 19:50:58 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.02 15:06:57 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.02 15:06:57 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 10:18:24 | 000,513,501 | ---- | M] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe
[2012.09.28 22:12:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 11:01:47 | 002,141,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.28 11:01:47 | 001,140,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.28 11:01:47 | 000,605,286 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.28 11:01:47 | 000,527,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.28 06:48:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.28 02:48:03 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.27 20:52:21 | 000,003,055 | ---- | M] () -- C:\Users\Mahoo\Desktop\WOT Statistics.lnk
[2012.09.24 00:03:44 | 000,003,922 | ---- | M] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel
[2012.09.23 23:05:42 | 000,476,975 | ---- | M] () -- C:\Users\Mahoo\Documents\test2.xcf
[2012.09.23 22:02:51 | 000,001,049 | ---- | M] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk
[2012.09.23 22:00:16 | 000,458,498 | ---- | M] () -- C:\Users\Mahoo\Documents\test1.xcf
[2012.09.09 17:23:32 | 000,001,102 | ---- | M] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:28:56 | 000,430,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.29 10:18:23 | 000,513,501 | ---- | C] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe
[2012.09.28 06:48:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.27 23:14:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.24 00:03:44 | 000,003,922 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel
[2012.09.23 23:05:42 | 000,476,975 | ---- | C] () -- C:\Users\Mahoo\Documents\test2.xcf
[2012.09.23 22:02:51 | 000,001,049 | ---- | C] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk
[2012.09.23 22:00:16 | 000,458,498 | ---- | C] () -- C:\Users\Mahoo\Documents\test1.xcf
[2012.09.23 20:26:32 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.09 17:23:32 | 000,001,102 | ---- | C] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk
[2012.09.07 11:28:41 | 000,430,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.07.11 13:18:32 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2012.07.11 13:17:42 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll
[2012.07.11 13:17:41 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe
[2012.07.11 13:17:41 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.07.11 13:17:41 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.17 13:20:29 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.26 17:32:51 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.10 22:55:29 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.11.06 17:21:39 | 000,076,360 | ---- | C] () -- C:\Windows\System32\ladfGSRCoinst_i386.dll
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.01.16 23:12:01 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\System32\dokan.dll
[2010.10.25 21:56:28 | 000,007,596 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\resmon.resmoncfg
[2010.10.19 20:27:34 | 000,139,488 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.19 20:27:10 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010.10.02 23:38:51 | 000,022,328 | ---- | C] () -- C:\Users\Mahoo\AppData\Roaming\PnkBstrK.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.28 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012.09.27 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2010.11.14 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited
[2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite
[2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net
[2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon
[2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech
[2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia
[2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org
[2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite
[2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Samsung
[2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp
[2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client
[2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net
[2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.13 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Adobe
[2012.04.01 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Avira
[2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited
[2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite
[2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net
[2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon
[2012.05.17 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Google Inc
[2012.05.13 22:54:09 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Help
[2012.05.17 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Identities
[2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech
[2011.12.21 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logishrd
[2010.09.19 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logitech
[2010.09.19 03:33:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Macromedia
[2012.09.28 06:48:37 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes
[2012.05.13 22:54:19 | 000,000,000 | --SD | M] -- C:\Users\Mahoo\AppData\Roaming\Microsoft
[2010.11.28 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Mozilla
[2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia
[2011.11.14 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\NVIDIA
[2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org
[2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite
[2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Samsung
[2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp
[2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client
[2012.05.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\vlc
[2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net
[2010.09.20 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WinRAR
[2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics
 
< %APPDATA%\*.exe /s >
[2012.03.26 17:32:50 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2010.10.04 22:12:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mahoo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.20 23:06:50 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_853F67D554F05449430E7E.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_AE6D52766A4C6A7E5B422D.exe
[2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_CF295D5069A02809E63991.exe
[2012.05.30 03:17:52 | 000,958,392 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.05.30 03:17:54 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.05.23 18:51:18 | 000,318,976 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.05.30 03:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.05.23 18:50:32 | 000,180,224 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.05.23 18:50:32 | 000,321,024 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.05.30 02:49:14 | 000,721,920 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.05.30 03:18:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.05.23 18:50:18 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.05.23 18:50:18 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.05.30 03:18:04 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.05.30 03:18:06 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.05.30 03:18:08 | 003,570,352 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.05.23 18:50:02 | 000,221,184 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe
[2012.05.23 18:50:04 | 000,061,440 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe
[2012.05.23 18:49:28 | 024,162,120 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.03 08:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.03 08:16:28 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.07.03 08:16:26 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.03 08:16:32 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.03 08:16:34 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.03 08:16:36 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.03 08:16:36 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.05.30 03:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.03 08:16:38 | 000,450,488 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >


cosinus 02.10.2012 20:35

Do an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml
O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Mahoo 02.10.2012 20:45

Hi
here is the log
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mahoo\Desktop\cmd.bat deleted successfully.
C:\Users\Mahoo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 28419267 bytes
->Temporary Internet Files folder emptied: 3278505 bytes
->FireFox cache emptied: 135376447 bytes
->Flash cache emptied: 57202 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Mahoo
->Temp folder emptied: 108999569 bytes
->Temporary Internet Files folder emptied: 7991158 bytes
->Java cache emptied: 26336327 bytes
->FireFox cache emptied: 159333590 bytes
->Google Chrome cache emptied: 17589113 bytes
->Flash cache emptied: 60404 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 29504 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 573686 bytes
RecycleBin emptied: 128685588 bytes
 
Total Files Cleaned = 588,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.1 log created on 10022012_214037

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 03.10.2012 17:56

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Mahoo 03.10.2012 18:41

Hello Cosinus
it showed me Threats detected (medium risk) with the options Skip, Copy to quarantine and Delete. I selected Skip.
Here is the log
Code:

19:35:27.0691 1660  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:35:27.0940 1660  ============================================================
19:35:27.0940 1660  Current date / time: 2012/10/03 19:35:27.0940
19:35:27.0940 1660  SystemInfo:
19:35:27.0940 1660 
19:35:27.0940 1660  OS Version: 6.1.7601 ServicePack: 1.0
19:35:27.0940 1660  Product type: Workstation
19:35:27.0940 1660  ComputerName: MAHOO-PC
19:35:27.0940 1660  UserName: Mahoo
19:35:27.0940 1660  Windows directory: C:\Windows
19:35:27.0940 1660  System windows directory: C:\Windows
19:35:27.0940 1660  Processor architecture: Intel x86
19:35:27.0940 1660  Number of processors: 2
19:35:27.0940 1660  Page size: 0x1000
19:35:27.0940 1660  Boot type: Normal boot
19:35:27.0940 1660  ============================================================
19:35:30.0311 1660  Drive \Device\Harddisk0\DR0 - Size: 0x1299D15400 (74.40 Gb), SectorSize: 0x200, Cylinders: 0x284F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:35:30.0311 1660  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:30.0311 1660  ============================================================
19:35:30.0311 1660  \Device\Harddisk0\DR0:
19:35:30.0311 1660  MBR partitions:
19:35:30.0311 1660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94CE000
19:35:30.0311 1660  \Device\Harddisk1\DR1:
19:35:30.0311 1660  MBR partitions:
19:35:30.0311 1660  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E800
19:35:30.0311 1660  ============================================================
19:35:30.0327 1660  C: <-> \Device\Harddisk0\DR0\Partition1
19:35:30.0327 1660  D: <-> \Device\Harddisk1\DR1\Partition1
19:35:30.0327 1660  ============================================================
19:35:30.0327 1660  Initialize success
19:35:30.0327 1660  ============================================================
19:36:24.0896 2424  ============================================================
19:36:24.0896 2424  Scan started
19:36:24.0896 2424  Mode: Manual; SigCheck; TDLFS;
19:36:24.0896 2424  ============================================================
19:36:25.0832 2424  ================ Scan system memory ========================
19:36:25.0832 2424  System memory - ok
19:36:25.0832 2424  ================ Scan services =============================
19:36:25.0957 2424  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:36:26.0050 2424  1394ohci - ok
19:36:26.0081 2424  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:36:26.0081 2424  ACPI - ok
19:36:26.0113 2424  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:36:26.0175 2424  AcpiPmi - ok
19:36:26.0315 2424  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:36:26.0331 2424  AdobeARMservice - ok
19:36:26.0425 2424  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:26.0440 2424  AdobeFlashPlayerUpdateSvc - ok
19:36:26.0503 2424  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:36:26.0534 2424  adp94xx - ok
19:36:26.0549 2424  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:36:26.0565 2424  adpahci - ok
19:36:26.0581 2424  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:36:26.0596 2424  adpu320 - ok
19:36:26.0612 2424  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:36:26.0659 2424  AeLookupSvc - ok
19:36:26.0705 2424  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
19:36:26.0752 2424  AFD - ok
19:36:26.0799 2424  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:36:26.0815 2424  agp440 - ok
19:36:26.0830 2424  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
19:36:26.0830 2424  aic78xx - ok
19:36:27.0002 2424  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:36:27.0002 2424  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:36:27.0017 2424  Akamai ( HiddenFile.Multi.Generic ) - warning
19:36:27.0017 2424  Akamai - detected HiddenFile.Multi.Generic (1)
19:36:27.0049 2424  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
19:36:27.0111 2424  ALG - ok
19:36:27.0142 2424  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:36:27.0158 2424  aliide - ok
19:36:27.0158 2424  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:36:27.0173 2424  amdagp - ok
19:36:27.0189 2424  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:36:27.0205 2424  amdide - ok
19:36:27.0220 2424  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:36:27.0267 2424  AmdK8 - ok
19:36:27.0267 2424  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:36:27.0298 2424  AmdPPM - ok
19:36:27.0314 2424  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:36:27.0329 2424  amdsata - ok
19:36:27.0345 2424  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:36:27.0361 2424  amdsbs - ok
19:36:27.0361 2424  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:36:27.0376 2424  amdxata - ok
19:36:27.0454 2424  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:27.0454 2424  AntiVirSchedulerService - ok
19:36:27.0501 2424  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:27.0501 2424  AntiVirService - ok
19:36:27.0579 2424  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
19:36:27.0610 2424  AppHostSvc - ok
19:36:27.0641 2424  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
19:36:27.0735 2424  AppID - ok
19:36:27.0766 2424  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:36:27.0813 2424  AppIDSvc - ok
19:36:27.0844 2424  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
19:36:27.0875 2424  Appinfo - ok
19:36:27.0907 2424  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:36:27.0922 2424  arc - ok
19:36:27.0922 2424  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:36:27.0938 2424  arcsas - ok
19:36:28.0047 2424  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:36:28.0094 2424  aspnet_state - ok
19:36:28.0109 2424  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:28.0219 2424  AsyncMac - ok
19:36:28.0234 2424  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
19:36:28.0250 2424  atapi - ok
19:36:28.0297 2424  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:36:28.0328 2424  AudioEndpointBuilder - ok
19:36:28.0343 2424  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:36:28.0359 2424  Audiosrv - ok
19:36:28.0406 2424  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:36:28.0421 2424  avgntflt - ok
19:36:28.0468 2424  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:36:28.0468 2424  avipbb - ok
19:36:28.0499 2424  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:36:28.0515 2424  avkmgr - ok
19:36:28.0531 2424  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:36:28.0593 2424  AxInstSV - ok
19:36:28.0640 2424  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
19:36:28.0671 2424  b06bdrv - ok
19:36:28.0687 2424  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:36:28.0702 2424  b57nd60x - ok
19:36:28.0749 2424  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:36:28.0796 2424  BDESVC - ok
19:36:28.0811 2424  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:36:28.0843 2424  Beep - ok
19:36:28.0889 2424  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
19:36:28.0921 2424  BFE - ok
19:36:28.0952 2424  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
19:36:28.0983 2424  BITS - ok
19:36:28.0999 2424  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:36:29.0030 2424  blbdrive - ok
19:36:29.0077 2424  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:36:29.0108 2424  bowser - ok
19:36:29.0123 2424  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:36:29.0186 2424  BrFiltLo - ok
19:36:29.0201 2424  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:36:29.0233 2424  BrFiltUp - ok
19:36:29.0264 2424  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
19:36:29.0295 2424  Browser - ok
19:36:29.0326 2424  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:36:29.0373 2424  Brserid - ok
19:36:29.0373 2424  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:36:29.0404 2424  BrSerWdm - ok
19:36:29.0435 2424  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:36:29.0451 2424  BrUsbMdm - ok
19:36:29.0467 2424  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:36:29.0498 2424  BrUsbSer - ok
19:36:29.0498 2424  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:36:29.0513 2424  BTHMODEM - ok
19:36:29.0560 2424  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
19:36:29.0591 2424  bthserv - ok
19:36:29.0623 2424  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:36:29.0654 2424  cdfs - ok
19:36:29.0701 2424  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:36:29.0732 2424  cdrom - ok
19:36:29.0779 2424  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:36:29.0810 2424  CertPropSvc - ok
19:36:29.0857 2424  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:36:29.0872 2424  circlass - ok
19:36:29.0888 2424  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:36:29.0888 2424  CLFS - ok
19:36:29.0935 2424  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:29.0950 2424  clr_optimization_v2.0.50727_32 - ok
19:36:29.0997 2424  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:30.0075 2424  clr_optimization_v4.0.30319_32 - ok
19:36:30.0075 2424  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:36:30.0091 2424  CmBatt - ok
19:36:30.0122 2424  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:36:30.0122 2424  cmdide - ok
19:36:30.0153 2424  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
19:36:30.0184 2424  CNG - ok
19:36:30.0184 2424  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:36:30.0200 2424  Compbatt - ok
19:36:30.0215 2424  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:36:30.0231 2424  CompositeBus - ok
19:36:30.0231 2424  COMSysApp - ok
19:36:30.0247 2424  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:36:30.0262 2424  crcdisk - ok
19:36:30.0309 2424  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:36:30.0356 2424  CryptSvc - ok
19:36:30.0403 2424  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:36:30.0449 2424  DcomLaunch - ok
19:36:30.0481 2424  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
19:36:30.0512 2424  defragsvc - ok
19:36:30.0543 2424  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:36:30.0574 2424  DfsC - ok
19:36:30.0605 2424  DgiVecp - ok
19:36:30.0637 2424  [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:36:30.0652 2424  dg_ssudbus - ok
19:36:30.0683 2424  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:36:30.0730 2424  Dhcp - ok
19:36:30.0746 2424  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:36:30.0777 2424  discache - ok
19:36:30.0808 2424  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:36:30.0824 2424  Disk - ok
19:36:30.0855 2424  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:36:30.0886 2424  Dnscache - ok
19:36:30.0933 2424  [ 04036AB29BC52A71A70BAA16FA33F8AE ] Dokan          C:\Windows\system32\drivers\dokan.sys
19:36:30.0933 2424  Dokan ( UnsignedFile.Multi.Generic ) - warning
19:36:30.0933 2424  Dokan - detected UnsignedFile.Multi.Generic (1)
19:36:30.0964 2424  [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter    C:\Program Files\Dokan\DokanLibrary\mounter.exe
19:36:30.0980 2424  DokanMounter ( UnsignedFile.Multi.Generic ) - warning
19:36:30.0980 2424  DokanMounter - detected UnsignedFile.Multi.Generic (1)
19:36:30.0995 2424  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:36:31.0027 2424  dot3svc - ok
19:36:31.0058 2424  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
19:36:31.0089 2424  DPS - ok
19:36:31.0136 2424  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:36:31.0151 2424  drmkaud - ok
19:36:31.0198 2424  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:36:31.0214 2424  DXGKrnl - ok
19:36:31.0229 2424  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
19:36:31.0261 2424  EapHost - ok
19:36:31.0354 2424  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
19:36:31.0417 2424  ebdrv - ok
19:36:31.0448 2424  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
19:36:31.0479 2424  EFS - ok
19:36:31.0526 2424  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:36:31.0557 2424  ehRecvr - ok
19:36:31.0573 2424  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
19:36:31.0604 2424  ehSched - ok
19:36:31.0666 2424  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:36:31.0682 2424  elxstor - ok
19:36:31.0775 2424  [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
19:36:31.0791 2424  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
19:36:31.0791 2424  EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
19:36:31.0807 2424  [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
19:36:31.0822 2424  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
19:36:31.0822 2424  EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
19:36:31.0838 2424  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:36:31.0853 2424  ErrDev - ok
19:36:31.0885 2424  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
19:36:31.0916 2424  EventSystem - ok
19:36:31.0931 2424  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
19:36:31.0978 2424  exfat - ok
19:36:31.0994 2424  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:36:32.0041 2424  fastfat - ok
19:36:32.0087 2424  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
19:36:32.0119 2424  Fax - ok
19:36:32.0150 2424  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:36:32.0165 2424  fdc - ok
19:36:32.0165 2424  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
19:36:32.0197 2424  fdPHost - ok
19:36:32.0212 2424  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:36:32.0243 2424  FDResPub - ok
19:36:32.0259 2424  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:36:32.0275 2424  FileInfo - ok
19:36:32.0290 2424  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:36:32.0321 2424  Filetrace - ok
19:36:32.0337 2424  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:32.0353 2424  flpydisk - ok
19:36:32.0368 2424  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:36:32.0384 2424  FltMgr - ok
19:36:32.0431 2424  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
19:36:32.0462 2424  FontCache - ok
19:36:32.0524 2424  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:32.0540 2424  FontCache3.0.0.0 - ok
19:36:32.0555 2424  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:36:32.0571 2424  FsDepends - ok
19:36:32.0602 2424  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:36:32.0602 2424  Fs_Rec - ok
19:36:32.0633 2424  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:36:32.0649 2424  fvevol - ok
19:36:32.0680 2424  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:32.0680 2424  gagp30kx - ok
19:36:32.0727 2424  [ D556CB79967E92B5CC69686D16C1D846 ] gdrv            C:\Windows\gdrv.sys
19:36:32.0743 2424  gdrv - ok
19:36:32.0774 2424  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
19:36:32.0821 2424  gpsvc - ok
19:36:32.0836 2424  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:36:32.0852 2424  hcw85cir - ok
19:36:32.0899 2424  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:36:32.0930 2424  HdAudAddService - ok
19:36:32.0945 2424  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:36:32.0977 2424  HDAudBus - ok
19:36:32.0992 2424  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:33.0023 2424  HidBatt - ok
19:36:33.0039 2424  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:36:33.0070 2424  HidBth - ok
19:36:33.0117 2424  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:36:33.0179 2424  HidIr - ok
19:36:33.0211 2424  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
19:36:33.0242 2424  hidserv - ok
19:36:33.0304 2424  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:36:33.0320 2424  HidUsb - ok
19:36:33.0335 2424  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:36:33.0367 2424  hkmsvc - ok
19:36:33.0398 2424  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:36:33.0460 2424  HomeGroupListener - ok
19:36:33.0491 2424  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:36:33.0507 2424  HomeGroupProvider - ok
19:36:33.0538 2424  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:36:33.0538 2424  HpSAMD - ok
19:36:33.0585 2424  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:36:33.0616 2424  HTTP - ok
19:36:33.0632 2424  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:36:33.0647 2424  hwpolicy - ok
19:36:33.0663 2424  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:36:33.0679 2424  i8042prt - ok
19:36:33.0710 2424  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:36:33.0725 2424  iaStorV - ok
19:36:33.0772 2424  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:33.0788 2424  idsvc - ok
19:36:33.0819 2424  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
19:36:33.0835 2424  iirsp - ok
19:36:33.0850 2424  [ FC9735B66850CF8AEBBC1E207ECB2AD8 ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
19:36:33.0897 2424  IISADMIN - ok
19:36:33.0944 2424  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:36:33.0975 2424  IKEEXT - ok
19:36:34.0100 2424  [ C3D76557FB27F1DD28A6AD947C1E3E9C ] Installer Service C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe
19:36:34.0115 2424  Installer Service ( UnsignedFile.Multi.Generic ) - warning
19:36:34.0115 2424  Installer Service - detected UnsignedFile.Multi.Generic (1)
19:36:34.0240 2424  [ B44C0357D1FC7C9E4C0B0983A9E96FF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:36:34.0287 2424  IntcAzAudAddService - ok
19:36:34.0303 2424  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:36:42.0758 2424  [ E17FE33C703FFBE1A0AF66B9DCF49345 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
19:36:42.0773 2424  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - warning
19:36:42.0773 2424  Samsung UPD Service2 - detected UnsignedFile.Multi.Generic (1)
19:36:43.0507 2424  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:36:43.0522 2424  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:36:43.0522 2424  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:36:44.0630 2424  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
19:36:44.0630 2424  SSPORT ( UnsignedFile.Multi.Generic ) - warning
19:36:44.0630 2424  SSPORT - detected UnsignedFile.Multi.Generic (1)
19:36:47.0001 2424  VaultSvc - ok
19:36:47.0032 2424  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:36:47.0032 2424  vdrvroot - ok
19:36:47.0063 2424  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
19:36:47.0095 2424  vds - ok
19:36:47.0095 2424  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:47.0126 2424  vga - ok
19:36:47.0126 2424  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:36:47.0157 2424  VgaSave - ok
19:36:47.0173 2424  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:36:47.0188 2424  vhdmp - ok
19:36:47.0204 2424  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:36:47.0219 2424  viaagp - ok
19:36:47.0235 2424  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
19:36:47.0251 2424  ViaC7 - ok
19:36:47.0282 2424  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
19:36:47.0282 2424  viaide - ok
19:36:47.0297 2424  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:36:47.0297 2424  volmgr - ok
19:36:47.0313 2424  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:36:47.0329 2424  volmgrx - ok
19:36:47.0344 2424  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:36:47.0344 2424  volsnap - ok
19:36:47.0375 2424  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:47.0391 2424  vsmraid - ok
19:36:47.0422 2424  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
19:36:47.0469 2424  VSS - ok
19:36:47.0485 2424  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:36:47.0500 2424  vwifibus - ok
19:36:47.0531 2424  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
19:36:47.0563 2424  W32Time - ok
19:36:47.0609 2424  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC          C:\Windows\system32\inetsrv\iisw3adm.dll
19:36:47.0625 2424  W3SVC - ok
19:36:47.0625 2424  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:36:47.0656 2424  WacomPen - ok
19:36:47.0687 2424  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:36:47.0719 2424  WANARP - ok
19:36:47.0719 2424  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:36:47.0734 2424  Wanarpv6 - ok
19:36:47.0765 2424  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS            C:\Windows\system32\inetsrv\iisw3adm.dll
19:36:47.0765 2424  WAS - ok
19:36:47.0843 2424  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
19:36:47.0890 2424  WatAdminSvc - ok
19:36:47.0921 2424  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
19:36:47.0984 2424  wbengine - ok
19:36:47.0999 2424  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:36:48.0015 2424  WbioSrvc - ok
19:36:48.0046 2424  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:36:48.0077 2424  wcncsvc - ok
19:36:48.0093 2424  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:36:48.0124 2424  WcsPlugInService - ok
19:36:48.0140 2424  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:36:48.0155 2424  Wd - ok
19:36:48.0171 2424  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:36:48.0187 2424  Wdf01000 - ok
19:36:48.0202 2424  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:36:48.0233 2424  WdiServiceHost - ok
19:36:48.0233 2424  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:36:48.0249 2424  WdiSystemHost - ok
19:36:48.0280 2424  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
19:36:48.0296 2424  WebClient - ok
19:36:48.0311 2424  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:36:48.0343 2424  Wecsvc - ok
19:36:48.0358 2424  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:36:48.0389 2424  wercplsupport - ok
19:36:48.0405 2424  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:36:48.0452 2424  WerSvc - ok
19:36:48.0467 2424  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:48.0483 2424  WfpLwf - ok
19:36:48.0499 2424  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:36:48.0499 2424  WIMMount - ok
19:36:48.0561 2424  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
19:36:48.0592 2424  WinDefend - ok
19:36:48.0608 2424  WinHttpAutoProxySvc - ok
19:36:48.0670 2424  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:36:48.0717 2424  Winmgmt - ok
19:36:48.0764 2424  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
19:36:48.0826 2424  WinRM - ok
19:36:48.0857 2424  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:48.0873 2424  WinUsb - ok
19:36:48.0920 2424  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:36:48.0967 2424  Wlansvc - ok
19:36:48.0982 2424  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:36:49.0013 2424  WmiAcpi - ok
19:36:49.0029 2424  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:36:49.0060 2424  wmiApSrv - ok
19:36:49.0123 2424  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
19:36:49.0169 2424  WMPNetworkSvc - ok
19:36:49.0201 2424  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:36:49.0232 2424  WPCSvc - ok
19:36:49.0247 2424  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:36:49.0279 2424  WPDBusEnum - ok
19:36:49.0310 2424  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:36:49.0341 2424  ws2ifsl - ok
19:36:49.0341 2424  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:36:49.0372 2424  wscsvc - ok
19:36:49.0372 2424  WSearch - ok
19:36:49.0450 2424  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:36:49.0497 2424  wuauserv - ok
19:36:49.0513 2424  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:36:49.0544 2424  WudfPf - ok
19:36:49.0559 2424  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:49.0575 2424  WUDFRd - ok
19:36:49.0606 2424  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:36:49.0622 2424  wudfsvc - ok
19:36:49.0653 2424  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:36:49.0669 2424  WwanSvc - ok
19:36:49.0715 2424  [ E931E624B1A2FBD34A7C95608388C38E ] yukonw7        C:\Windows\system32\DRIVERS\yk62x86.sys
19:36:49.0731 2424  yukonw7 - ok
19:36:49.0731 2424  ================ Scan global ===============================
19:36:49.0747 2424  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:36:49.0778 2424  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:36:49.0793 2424  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:36:49.0809 2424  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:36:49.0840 2424  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:36:49.0840 2424  [Global] - ok
19:36:49.0840 2424  ================ Scan MBR ==================================
19:36:49.0856 2424  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:50.0152 2424  \Device\Harddisk0\DR0 - ok
19:36:50.0152 2424  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:36:50.0246 2424  \Device\Harddisk1\DR1 - ok
19:36:50.0246 2424  ================ Scan VBR ==================================
19:36:50.0261 2424  [ D6A794010AF187B2D404B858EBCB1B35 ] \Device\Harddisk0\DR0\Partition1
19:36:50.0277 2424  \Device\Harddisk0\DR0\Partition1 - ok
19:36:50.0277 2424  [ A75036C4D6E7B655DFF32AB1F1694483 ] \Device\Harddisk1\DR1\Partition1
19:36:50.0277 2424  \Device\Harddisk1\DR1\Partition1 - ok
19:36:50.0277 2424  ============================================================
19:36:50.0277 2424  Scan finished
19:36:50.0277 2424  ============================================================
19:36:50.0277 3300  Detected object count: 9
19:36:50.0277 3300  Actual detected object count: 9


cosinus 03.10.2012 19:59

The log is incomplete; the summary at the bottom is missing

Mahoo 03.10.2012 20:05

Code:

19:35:27.0691 1660  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:35:27.0940 1660  ============================================================
19:35:27.0940 1660  Current date / time: 2012/10/03 19:35:27.0940
19:35:27.0940 1660  SystemInfo:
19:35:27.0940 1660 
19:35:27.0940 1660  OS Version: 6.1.7601 ServicePack: 1.0
19:35:27.0940 1660  Product type: Workstation
19:35:27.0940 1660  ComputerName: MAHOO-PC
19:35:27.0940 1660  UserName: Mahoo
19:35:27.0940 1660  Windows directory: C:\Windows
19:35:27.0940 1660  System windows directory: C:\Windows
19:35:27.0940 1660  Processor architecture: Intel x86
19:35:27.0940 1660  Number of processors: 2
19:35:27.0940 1660  Page size: 0x1000
19:35:27.0940 1660  Boot type: Normal boot
19:35:27.0940 1660  ============================================================
19:35:30.0311 1660  Drive \Device\Harddisk0\DR0 - Size: 0x1299D15400 (74.40 Gb), SectorSize: 0x200, Cylinders: 0x284F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:35:30.0311 1660  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:30.0311 1660  ============================================================
19:35:30.0311 1660  \Device\Harddisk0\DR0:
19:35:30.0311 1660  MBR partitions:
19:35:30.0311 1660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94CE000
19:35:30.0311 1660  \Device\Harddisk1\DR1:
19:35:30.0311 1660  MBR partitions:
19:35:30.0311 1660  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E800
19:35:30.0311 1660  ============================================================
19:35:30.0327 1660  C: <-> \Device\Harddisk0\DR0\Partition1
19:35:30.0327 1660  D: <-> \Device\Harddisk1\DR1\Partition1
19:35:30.0327 1660  ============================================================
19:35:30.0327 1660  Initialize success
19:35:30.0327 1660  ============================================================
19:36:24.0896 2424  ============================================================
19:36:24.0896 2424  Scan started
19:36:24.0896 2424  Mode: Manual; SigCheck; TDLFS;
19:36:24.0896 2424  ============================================================
19:36:25.0832 2424  ================ Scan system memory ========================
19:36:25.0832 2424  System memory - ok
19:36:25.0832 2424  ================ Scan services =============================
19:36:25.0957 2424  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:36:26.0050 2424  1394ohci - ok
19:36:26.0081 2424  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:36:26.0081 2424  ACPI - ok
19:36:26.0113 2424  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:36:26.0175 2424  AcpiPmi - ok
19:36:26.0315 2424  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:36:26.0331 2424  AdobeARMservice - ok
19:36:26.0425 2424  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:26.0440 2424  AdobeFlashPlayerUpdateSvc - ok
19:36:26.0503 2424  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:36:26.0534 2424  adp94xx - ok
19:36:26.0549 2424  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:36:26.0565 2424  adpahci - ok
19:36:26.0581 2424  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:36:26.0596 2424  adpu320 - ok
19:36:26.0612 2424  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:36:26.0659 2424  AeLookupSvc - ok
19:36:26.0705 2424  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
19:36:26.0752 2424  AFD - ok
19:36:26.0799 2424  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:36:26.0815 2424  agp440 - ok
19:36:26.0830 2424  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
19:36:26.0830 2424  aic78xx - ok
19:36:27.0002 2424  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:36:27.0002 2424  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:36:27.0017 2424  Akamai ( HiddenFile.Multi.Generic ) - warning
19:36:27.0017 2424  Akamai - detected HiddenFile.Multi.Generic (1)
19:36:27.0049 2424  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
19:36:27.0111 2424  ALG - ok
19:36:27.0142 2424  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:36:27.0158 2424  aliide - ok
19:36:27.0158 2424  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:36:27.0173 2424  amdagp - ok
19:36:27.0189 2424  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:36:27.0205 2424  amdide - ok
19:36:27.0220 2424  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:36:27.0267 2424  AmdK8 - ok
19:36:27.0267 2424  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:36:27.0298 2424  AmdPPM - ok
19:36:27.0314 2424  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:36:27.0329 2424  amdsata - ok
19:36:27.0345 2424  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:36:27.0361 2424  amdsbs - ok
19:36:27.0361 2424  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:36:27.0376 2424  amdxata - ok
19:36:27.0454 2424  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:27.0454 2424  AntiVirSchedulerService - ok
19:36:27.0501 2424  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:27.0501 2424  AntiVirService - ok
19:36:27.0579 2424  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
19:36:27.0610 2424  AppHostSvc - ok
19:36:27.0641 2424  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
19:36:27.0735 2424  AppID - ok
19:36:27.0766 2424  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:36:27.0813 2424  AppIDSvc - ok
19:36:27.0844 2424  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
19:36:27.0875 2424  Appinfo - ok
19:36:27.0907 2424  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:36:27.0922 2424  arc - ok
19:36:27.0922 2424  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:36:27.0938 2424  arcsas - ok
19:36:28.0047 2424  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:36:28.0094 2424  aspnet_state - ok
19:36:28.0109 2424  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:28.0219 2424  AsyncMac - ok
19:36:28.0234 2424  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
19:36:28.0250 2424  atapi - ok
19:36:28.0297 2424  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:36:28.0328 2424  AudioEndpointBuilder - ok
19:36:28.0343 2424  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:36:28.0359 2424  Audiosrv - ok
19:36:28.0406 2424  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:36:28.0421 2424  avgntflt - ok
19:36:28.0468 2424  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:36:28.0468 2424  avipbb - ok
19:36:28.0499 2424  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:36:28.0515 2424  avkmgr - ok
19:36:28.0531 2424  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:36:28.0593 2424  AxInstSV - ok
19:36:28.0640 2424  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
19:36:28.0671 2424  b06bdrv - ok
19:36:28.0687 2424  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:36:28.0702 2424  b57nd60x - ok
19:36:28.0749 2424  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:36:28.0796 2424  BDESVC - ok
19:36:28.0811 2424  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:36:28.0843 2424  Beep - ok
19:36:28.0889 2424  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
19:36:28.0921 2424  BFE - ok
19:36:28.0952 2424  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
19:36:28.0983 2424  BITS - ok
19:36:28.0999 2424  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:36:29.0030 2424  blbdrive - ok
19:36:29.0077 2424  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:36:29.0108 2424  bowser - ok
19:36:29.0123 2424  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:36:29.0186 2424  BrFiltLo - ok
19:36:29.0201 2424  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:36:29.0233 2424  BrFiltUp - ok
19:36:29.0264 2424  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
19:36:29.0295 2424  Browser - ok
19:36:29.0326 2424  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:36:29.0373 2424  Brserid - ok
19:36:29.0373 2424  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:36:29.0404 2424  BrSerWdm - ok
19:36:29.0435 2424  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:36:29.0451 2424  BrUsbMdm - ok
19:36:29.0467 2424  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:36:29.0498 2424  BrUsbSer - ok
19:36:29.0498 2424  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:36:29.0513 2424  BTHMODEM - ok
19:36:29.0560 2424  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
19:36:29.0591 2424  bthserv - ok
19:36:29.0623 2424  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:36:29.0654 2424  cdfs - ok
19:36:29.0701 2424  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:36:29.0732 2424  cdrom - ok
19:36:29.0779 2424  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:36:29.0810 2424  CertPropSvc - ok
19:36:29.0857 2424  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:36:29.0872 2424  circlass - ok
19:36:29.0888 2424  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:36:29.0888 2424  CLFS - ok
19:36:29.0935 2424  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:29.0950 2424  clr_optimization_v2.0.50727_32 - ok
19:36:29.0997 2424  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:30.0075 2424  clr_optimization_v4.0.30319_32 - ok
19:36:30.0075 2424  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:36:30.0091 2424  CmBatt - ok
19:36:30.0122 2424  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:36:30.0122 2424  cmdide - ok
19:36:30.0153 2424  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
19:36:30.0184 2424  CNG - ok
19:36:30.0184 2424  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:36:30.0200 2424  Compbatt - ok
19:36:30.0215 2424  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:36:30.0231 2424  CompositeBus - ok
19:36:30.0231 2424  COMSysApp - ok
19:36:30.0247 2424  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:36:30.0262 2424  crcdisk - ok
19:36:30.0309 2424  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:36:30.0356 2424  CryptSvc - ok
19:36:30.0403 2424  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:36:30.0449 2424  DcomLaunch - ok
19:36:30.0481 2424  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
19:36:30.0512 2424  defragsvc - ok
19:36:30.0543 2424  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:36:30.0574 2424  DfsC - ok
19:36:30.0605 2424  DgiVecp - ok
19:36:30.0637 2424  [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:36:30.0652 2424  dg_ssudbus - ok
19:36:30.0683 2424  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:36:30.0730 2424  Dhcp - ok
19:36:30.0746 2424  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:36:30.0777 2424  discache - ok
19:36:30.0808 2424  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:36:30.0824 2424  Disk - ok
19:36:30.0855 2424  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:36:30.0886 2424  Dnscache - ok
19:36:30.0933 2424  [ 04036AB29BC52A71A70BAA16FA33F8AE ] Dokan          C:\Windows\system32\drivers\dokan.sys
19:36:30.0933 2424  Dokan ( UnsignedFile.Multi.Generic ) - warning
19:36:30.0933 2424  Dokan - detected UnsignedFile.Multi.Generic (1)
19:36:30.0964 2424  [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter    C:\Program Files\Dokan\DokanLibrary\mounter.exe
19:36:30.0980 2424  DokanMounter ( UnsignedFile.Multi.Generic ) - warning
19:36:30.0980 2424  DokanMounter - detected UnsignedFile.Multi.Generic (1)
19:36:30.0995 2424  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:36:31.0027 2424  dot3svc - ok
19:36:31.0058 2424  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
19:36:31.0089 2424  DPS - ok
19:36:31.0136 2424  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:36:31.0151 2424  drmkaud - ok
19:36:31.0198 2424  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:36:31.0214 2424  DXGKrnl - ok
19:36:31.0229 2424  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
19:36:31.0261 2424  EapHost - ok
19:36:31.0354 2424  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
19:36:31.0417 2424  ebdrv - ok
19:36:31.0448 2424  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
19:36:31.0479 2424  EFS - ok
19:36:31.0526 2424  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:36:31.0557 2424  ehRecvr - ok
19:36:31.0573 2424  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
19:36:31.0604 2424  ehSched - ok
19:36:31.0666 2424  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:36:31.0682 2424  elxstor - ok
19:36:31.0775 2424  [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
19:36:31.0791 2424  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
19:36:31.0791 2424  EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
19:36:31.0807 2424  [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
19:36:31.0822 2424  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
19:36:31.0822 2424  EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
19:36:31.0838 2424  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:36:31.0853 2424  ErrDev - ok
19:36:31.0885 2424  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
19:36:31.0916 2424  EventSystem - ok
19:36:31.0931 2424  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
19:36:31.0978 2424  exfat - ok
19:36:31.0994 2424  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:36:32.0041 2424  fastfat - ok
19:36:32.0087 2424  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
19:36:32.0119 2424  Fax - ok
19:36:32.0150 2424  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:36:32.0165 2424  fdc - ok
19:36:32.0165 2424  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
19:36:32.0197 2424  fdPHost - ok
19:36:32.0212 2424  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:36:32.0243 2424  FDResPub - ok
19:36:32.0259 2424  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:36:32.0275 2424  FileInfo - ok
19:36:32.0290 2424  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:36:32.0321 2424  Filetrace - ok
19:36:32.0337 2424  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:32.0353 2424  flpydisk - ok
19:36:32.0368 2424  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:36:32.0384 2424  FltMgr - ok
19:36:32.0431 2424  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
19:36:32.0462 2424  FontCache - ok
19:36:34.0100 2424  [ C3D76557FB27F1DD28A6AD947C1E3E9C ] Installer Service C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe
19:36:34.0115 2424  Installer Service ( UnsignedFile.Multi.Generic ) - warning
19:36:34.0115 2424  Installer Service - detected UnsignedFile.Multi.Generic (1)
19:36:42.0758 2424  [ E17FE33C703FFBE1A0AF66B9DCF49345 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
19:36:42.0773 2424  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - warning
19:36:42.0773 2424  Samsung UPD Service2 - detected UnsignedFile.Multi.Generic (1)
19:36:43.0507 2424  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:36:43.0522 2424  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:36:43.0522 2424  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:36:44.0630 2424  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
19:36:44.0630 2424  SSPORT ( UnsignedFile.Multi.Generic ) - warning
19:36:44.0630 2424  SSPORT - detected UnsignedFile.Multi.Generic (1)
19:36:49.0731 2424  ================ Scan global ===============================
19:36:49.0747 2424  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:36:49.0778 2424  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:36:49.0793 2424  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:36:49.0809 2424  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:36:49.0840 2424  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:36:49.0840 2424  [Global] - ok
19:36:49.0840 2424  ================ Scan MBR ==================================
19:36:49.0856 2424  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:50.0152 2424  \Device\Harddisk0\DR0 - ok
19:36:50.0152 2424  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:36:50.0246 2424  \Device\Harddisk1\DR1 - ok
19:36:50.0246 2424  ================ Scan VBR ==================================
19:36:50.0261 2424  [ D6A794010AF187B2D404B858EBCB1B35 ] \Device\Harddisk0\DR0\Partition1
19:36:50.0277 2424  \Device\Harddisk0\DR0\Partition1 - ok
19:36:50.0277 2424  [ A75036C4D6E7B655DFF32AB1F1694483 ] \Device\Harddisk1\DR1\Partition1
19:36:50.0277 2424  \Device\Harddisk1\DR1\Partition1 - ok
19:36:50.0277 2424  ============================================================
19:36:50.0277 2424  Scan finished
19:36:50.0277 2424  ============================================================
19:36:50.0277 3300  Detected object count: 9
19:36:50.0277 3300  Actual detected object count: 9

Code:

19:53:56.0934 3300  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300  Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300  DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300  Installer Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300  Installer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:45:20.0340 2660  Deinitialize success


cosinus 03.10.2012 21:09

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Mahoo 03.10.2012 21:43

Code:

ComboFix 12-10-03.03 - Mahoo 03.10.2012  22:32:18.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3582.2669 [GMT 2:00]
ausgeführt von:: c:\users\Mahoo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Mahoo\4.0
c:\users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Mahoo\AppData\Roaming\Help\coredb\storage
c:\windows\system32\ladfGSRCoinst_i386.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 20:37 . 2012-10-03 20:39        --------        d-----w-        c:\users\Mahoo\AppData\Local\temp
2012-10-03 20:37 . 2012-10-03 20:37        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-10-03 20:37 . 2012-10-03 20:37        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2012-10-02 19:40 . 2012-10-02 19:40        --------        d-----w-        C:\_OTL
2012-10-02 06:09 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F720654-8CF1-4EEC-84EF-9B39E62DBB22}\mpengine.dll
2012-10-01 13:51 . 2012-10-01 13:51        --------        d-----w-        c:\users\Mahoo\AppData\Local\ElevatedDiagnostics
2012-09-28 10:40 . 2012-08-30 19:13        888168        ----a-w-        c:\windows\system32\nvdispgenco32.dll
2012-09-28 10:40 . 2012-08-30 19:13        6109032        ----a-w-        c:\windows\system32\nvopencl.dll
2012-09-28 10:40 . 2012-08-30 19:13        19828584        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-09-28 10:40 . 2012-08-30 19:13        10790760        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-09-28 10:39 . 2012-08-30 19:13        7626088        ----a-w-        c:\windows\system32\nvcuda.dll
2012-09-28 10:39 . 2012-08-30 19:13        2573672        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-09-28 10:39 . 2012-08-30 19:13        1866088        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-09-28 10:39 . 2012-08-30 19:13        17559912        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-09-28 04:48 . 2012-09-28 04:48        --------        d-----w-        c:\users\Mahoo\AppData\Roaming\Malwarebytes
2012-09-28 04:48 . 2012-09-28 04:48        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:48 . 2012-09-28 04:48        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-28 04:48 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-28 00:53 . 2012-09-28 00:53        --------        d-----w-        c:\program files\ESET
2012-09-27 22:22 . 2012-09-27 22:22        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Canneverbe Limited
2012-09-27 22:21 . 2012-09-27 22:21        --------        d-----w-        c:\users\Administrator\AppData\Local\Adobe
2012-09-27 21:47 . 2012-09-27 21:47        --------        d-----w-        c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2012-09-27 21:29 . 2012-09-27 21:29        --------        d-----w-        c:\users\Administrator\AppData\Local\Macromedia
2012-09-27 21:26 . 2012-09-27 21:26        --------        d-----w-        c:\users\Administrator\AppData\Local\Mozilla
2012-09-27 21:22 . 2012-09-27 21:22        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Avira
2012-09-25 19:31 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-23 20:00 . 2012-09-23 20:00        --------        d-----w-        c:\users\Mahoo\.thumbnails
2012-09-23 18:25 . 2012-09-23 18:26        --------        d-----w-        c:\program files\GIMP 2
2012-09-23 18:14 . 2012-09-23 18:14        --------        d-----w-        c:\users\Mahoo\AppData\Local\webkit
2012-09-23 17:33 . 2012-09-23 17:33        --------        d-----w-        c:\users\Mahoo\AppData\Local\fontconfig
2012-09-23 17:33 . 2012-09-23 22:03        --------        d-----w-        c:\users\Mahoo\.gimp-2.8
2012-09-23 17:33 . 2012-09-23 17:33        --------        d-----w-        c:\users\Mahoo\AppData\Local\gegl-0.2
2012-09-13 18:04 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-13 18:04 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 18:04 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-13 18:04 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-13 18:04 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 18:04 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-09 15:18 . 2012-09-09 15:18        73696        ----a-w-        c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 20:38 . 2011-02-24 20:20        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-28 08:58 . 2012-04-15 16:02        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-28 08:58 . 2011-06-08 15:31        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 19:13 . 2011-11-14 19:02        1009512        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2011-05-21 05:01        15291752        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-08-30 19:13 . 2010-09-19 01:58        2422120        ----a-w-        c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2009-07-13 22:09        12465512        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-08-30 15:57 . 2011-01-07 20:06        645992        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2011-01-07 20:06        2557288        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2011-01-07 20:06        108392        ----a-w-        c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2010-07-09 14:20        62312        ----a-w-        c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2011-01-07 20:06        3963240        ----a-w-        c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2011-01-07 20:06        2836840        ----a-w-        c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40        429416        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-07-30 11:32 . 2012-07-30 11:32        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-07-30 11:32 . 2012-07-30 11:32        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-07-18 17:47 . 2012-08-16 18:27        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-09-09 15:18 . 2011-12-20 19:11        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-03 975288]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"MsmqIntCert"="mqrt.dll" [2010-11-20 152064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 5115192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\G:\0autocheck autochk *
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2i386.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMi386.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;GW-USMicroN Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [x]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [x]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [x]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCi386.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRi386.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mahoo\AppData\Roaming\Mozilla\Firefox\Profiles\3gn9tca2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-03  22:42:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-03 20:42
.
Vor Suchlauf: 15 Verzeichnis(se), 24.314.724.352 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 23.883.182.080 Bytes frei
.
- - End Of File - - D521F141A258E5C215903B46E957A6E5

Gmer Log
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-04 00:42:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1 SAMSUNG_HD080HJ rev.ZH100-47
Running: zygu08np.exe; Driver: C:\Users\Mahoo\AppData\Local\Temp\ugloypog.sys


---- System - GMER 1.0.15 ----

SSDT            93853D66                                                                                                                                  ZwCreateSection
SSDT            93853D70                                                                                                                                  ZwRequestWaitReplyPort
SSDT            93853D6B                                                                                                                                  ZwSetContextThread
SSDT            93853D75                                                                                                                                  ZwSetSecurityObject
SSDT            93853D7A                                                                                                                                  ZwSystemDebugControl
SSDT            93853D07                                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                  8308C3C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    830C5D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                        830CCEAC 4 Bytes  [66, 3D, 85, 93] {CMP AX, 0x9385}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                        830CD208 4 Bytes  [70, 3D, 85, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                        830CD24C 4 Bytes  [6B, 3D, 85, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                        830CD2C8 4 Bytes  [75, 3D, 85, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                        830CD31C 4 Bytes  [7A, 3D, 85, 93]
.text          ...                                                                                                                                       
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1196] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [7598FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Log Osam
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:51:00 on 04.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Mahoo\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\dokan.sys
"G35 DHP2 Filter Driver" (LADF_DHP2) - "Logitech" - C:\Windows\System32\DRIVERS\ladfDHP2i386.sys
"G35 SBVM Filter Driver" (LADF_SBVM) - "Logitech" - C:\Windows\System32\DRIVERS\ladfSBVMi386.sys
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\Windows\gdrv.sys
"GW-USMicroN Driver for Vista" (netr28u) - ? - C:\Windows\System32\DRIVERS\netr28u.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"ugloypog" (ugloypog) - ? - C:\Users\Mahoo\AppData\Local\Temp\ugloypog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Workspaces" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files\Samsung\Kies\Kies.exe /preload
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Launch LCore" - "Logitech Inc." - C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON S21 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFAE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"DokanMounter" (DokanMounter) - ? - C:\Program Files\Dokan\DokanLibrary\mounter.exe  (File found, but it contains no detailed information)
"EPSON V3 Service4(01)" (EPSON_PM_RPCV4_01) - "SEIKO EPSON CORPORATION" - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
"EPSON V5 Service4(01)" (EPSON_EB_RPCV4_01) - "SEIKO EPSON CORPORATION" - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
"Installer Service" (Installer Service) - ? - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe  (File found, but it contains no detailed information)
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Samsung UPD Service2" (Samsung UPD Service2) - "Samsung Electronics" - C:\Windows\System32\SUPDSvc2.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 04.10.2012 09:40

Why are you posting logs that weren't requested? :(

Mahoo 04.10.2012 10:15

But the Combofix log is in there, isn't it?

cosinus 04.10.2012 10:46

Yes, but that's not the point at all! You posted additional logs; I only wanted to see the CF log, so I'm wondering why you created other logs as well.

Mahoo 04.10.2012 11:07

I thought I'd be doing some of the groundwork for you ;)
Just discreetly skip over the other logs.

cosinus 04.10.2012 11:54

That's kindly meant, but not necessarily helpful. After CF I like to assign OSAM, GMER and aswMBR, but if I still have to do something with CF, that is, if some intermediate steps still have to be done, it's a waste of time :( So please create and post only the logs that were requested.

Since, as I see it, we don't need any more intermediate steps and you have already posted OSAM and GMER, only aswMBR is still missing.

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Mahoo 04.10.2012 15:37

Hello Cosinus, here is the log with the none selection, because it crashed several times.
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-04 16:35:31
-----------------------------
16:35:31.627    OS Version: Windows 6.1.7601 Service Pack 1
16:35:31.627    Number of processors: 2 586 0xF06
16:35:31.627    ComputerName: MAHOO-PC  UserName: Mahoo
16:35:32.314    Initialize success
16:35:37.821    AVAST engine defs: 12100302
16:35:40.987    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-1
16:35:40.987    Disk 0 Vendor: SAMSUNG_HD080HJ ZH100-47 Size: 76189MB BusType: 3
16:35:40.987    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T1L0-5
16:35:40.987    Disk 1 Vendor: SAMSUNG_HD080HJ ZH100-47 Size: 76319MB BusType: 3
16:35:41.003    Disk 0 MBR read successfully
16:35:41.019    Disk 0 MBR scan
16:35:41.019    Disk 0 Windows 7 default MBR code
16:35:41.019    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76188 MB offset 63
16:35:41.034    Disk 0 scanning sectors +156033087
16:35:41.065    Disk 0 scanning C:\Windows\system32\drivers
16:35:48.631    Service scanning
16:36:09.145    Modules scanning
16:36:12.811    Disk 0 trace - called modules:
16:36:12.843    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:36:12.843    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8690c030]
16:36:12.843    3 CLASSPNP.SYS[8cb8959e] -> nt!IofCallDriver -> [0x868447e0]
16:36:12.843    5 ACPI.sys[8c6553d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-1[0x868228b0]
16:36:12.858    Scan finished successfully
16:37:03.824    Disk 0 MBR has been saved successfully to "C:\Users\Mahoo\Desktop\MBR.dat"
16:37:03.824    The log file has been saved successfully to "C:\Users\Mahoo\Desktop\aswMBR.txt"


cosinus 04.10.2012 15:54

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Mahoo 04.10.2012 17:17

Here is the first log
Code:

  SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/04/2012 at 06:16 PM

Application Version : 5.5.1022

Core Rules Database Version : 9339
Trace Rules Database Version: 7151

Scan type      : Complete Scan
Total Scan Time : 01:14:15

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 765
Memory threats detected  : 0
Registry items scanned    : 36994
Registry threats detected : 0
File items scanned        : 152687
File threats detected    : 835

Adware.Tracking Cookie
        C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Cookies\1B6JQ11C.txt [ /ad.zanox.com ]
        C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Cookies\AOCM7WV4.txt [ /c.atdmt.com ]
        C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Cookies\KTO5P8TC.txt [ /apmebf.com ]
        C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Cookies\27W39FQ7.txt [ /imrworldwide.com ]
        C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Cookies\U64EGI2R.txt [ /mediaplex.com ]
        .fastclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adserver.twitpic.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.mindshare.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad4.adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .media.photobucket.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adserver1.mokono.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adserver1.mokono.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adserver1.mokono.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adserver1.mokono.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ads1.eol.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad1.adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.counter.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        rts.pgmediaserve.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        rts.pgmediaserve.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        rts.pgmediaserve.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .partypoker.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .partypoker.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .statcounter.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .youporn.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .youporn.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ads.crakmedia.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ads.crakmedia.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .youporn.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .youporn.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ads.youporn.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .girlsteachsex.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adultfriendfinder.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .bs.serving-sys.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adviva.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ww251.smartadserver.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .content.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .traffictrack.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .traffictrack.de [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        clicks.oxid-efire.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        7.rotator.trafficbee.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        7.rotator.trafficbee.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        rotator.hadj7.adjuggler.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        insight.torbit.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .retrogamer.dl.mywebsearch.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .mywebsearch.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        banners.victor.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        banners.victor.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .banners.victor.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adserver.adtechus.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MAHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GN9TCA2.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-MSFake
        C:\USERS\MAHOO\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE

Malware Log
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Mahoo :: MAHOO-PC [Administrator]

Schutz: Deaktiviert

04.10.2012 18:21:08
mbam-log-2012-10-04 (18-21-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400066
Laufzeit: 48 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 04.10.2012 19:20

Looks OK, only cookies were found there; the other supposed detection is a false positive.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system back in order now, or are there any other detections or problems?
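As an added illustration of the hosts-file approach mentioned in the post above (not part of the original thread and not code from MVPS): a Python sketch that tallies the cookie hosts in a scan-log section of the `host [ cookie store ]` layout and emits hosts-file lines for them. The sample log, the example.* domains, the `0.0.0.0` sink address and the `keep` list are assumptions made for the example.

```python
import re
from collections import Counter

# One cookie finding per line: "<cookie host> [ <path of the cookie store> ]"
COOKIE_LINE = re.compile(
    r"^\s*(?P<host>[A-Za-z0-9.-]+)\s+\[\s*(?P<store>.+?)\s*\]\s*$"
)

# Constructed sample in the layout of the scan log's cookie section.
# Domains, section headers and paths are made up for this example.
SAMPLE_LOG = r"""
Tracking cookies
        .ads.example.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]
        .ads.example.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]
        AD1.ads.example.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]
        track.example.net [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]
        accounts.example.org [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]
        .accounts.example.org [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCD1234.DEFAULT\COOKIES.SQLITE ]

Other finding
        C:\USERS\EXAMPLE\APPDATA\ROAMING\SOMEAPP\SOMEAPP.EXE
"""


def parse_cookie_hosts(log_text):
    """Return (counts, domain_scoped).

    counts        -- Counter mapping normalised host -> number of findings
    domain_scoped -- hosts that appeared with a leading dot, i.e. the cookie
                     was valid for the host and all of its subdomains
    """
    counts = Counter()
    domain_scoped = set()
    for line in log_text.splitlines():
        match = COOKIE_LINE.match(line)
        if not match:
            continue  # headers, file findings and blank lines
        raw = match.group("host").lower()
        host = raw.lstrip(".")
        if not host:
            continue
        counts[host] += 1
        if raw.startswith("."):
            domain_scoped.add(host)
    return counts, domain_scoped


def is_kept(host, keep):
    """True if host equals, or is a subdomain of, a host the user relies on."""
    return any(host == k or host.endswith("." + k) for k in keep)


def hosts_entries(counts, domain_scoped, keep=()):
    """Build hosts-file lines, most frequent host first.

    A hosts file has no wildcards: each line blocks exactly one name, so a
    domain-scoped cookie host is annotated to make that limit visible.
    Hosts in `keep` (sites where the user logs in) are never emitted.
    """
    keep = {k.lower().lstrip(".") for k in keep}
    lines = []
    for host, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if is_kept(host, keep):
            continue
        note = f"# {n} cookie(s)"
        if host in domain_scoped:
            note += "; cookie covered subdomains, this entry blocks the exact name only"
        lines.append(f"0.0.0.0 {host}  {note}")
    return lines


if __name__ == "__main__":
    found, scoped = parse_cookie_hosts(SAMPLE_LOG)
    for entry in hosts_entries(found, scoped, keep=("accounts.example.org",)):
        print(entry)
```

Review the output before appending it to the hosts file: a blocked name is unreachable for every program on the machine, which is why login hosts belong in `keep`.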

Mahoo 04.10.2012 20:08

So then I'd like to sincerely thank you for your time and help.
I have 2 more questions.
1. The programs I downloaded for the cleanup, should I delete them, including the logs?
2. CCleaner: I'd like your opinion on that. Use, handling.

cosinus 05.10.2012 09:32

Quote:

2. CCleaner: I'd like your opinion on that. Use, handling.
There is a dedicated guide for CCleaner here - hands off the registry cleaning function!


Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools:

Please start OTL and click "Bereinigung" (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, you should also change all of your passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Mahoo 05.10.2012 21:02

OK, then thanks again to the super board :dankeschoen: and to you too, Cosinus, THANKS again!!!! :abklatsch:



Copyright ©2000-2025, Trojaner-Board

